Microsoft SharePoint Server Information Disclosure Vulnerability - 20240611001

Overview

The WA SOC has been made aware of a vulnerability in Microsoft SharePoint Server that could allow an unauthenticated attacker to disclose sensitive information by sending a specially crafted request. The vulnerability is caused by improper restriction of XML external entity references.

What is vulnerable?

| Product(s) | Versions | CVE # | Severity | CVSS |
|---|---|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | Affected from 16.0.0 before 16.0.5448.1000 | CVE-2024-30043 | Medium | 6.5 |
| Microsoft SharePoint Server 2019 | Affected from 16.0.0 before 16.0.10409.20047 | CVE-2024-30043 | Medium | 6.5 |
| Microsoft SharePoint Server Subscription Edition | Affected from 16.0.0 before 16.0.17328.20292 | CVE-2024-30043 | Medium | 6.5 |

What has been observed?

There are no reports of this vulnerability being exploited in the wild at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours (refer to Patch Management):

Additional References