CVE-2024-30043
Published: 14 May 2024
Summary
CVE-2024-30043 is a medium-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Microsoft SharePoint Server. Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 1.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft SharePoint Server contains an information disclosure vulnerability tracked as CVE-2024-30043 and assigned CWE-611. The flaw received a CVSS 3.1 score of 6.5 with an attack vector of network, low attack complexity, low required privileges, and no user interaction, resulting in high impact to confidentiality while leaving integrity and availability unaffected.
An authenticated attacker with low privileges can send specially crafted requests over the network to the affected SharePoint Server instance and obtain sensitive information that would otherwise be restricted. The same access level is sufficient to trigger the flaw without any additional user interaction or elevated rights on the target system.
Microsoft has published an advisory for CVE-2024-30043 at the Microsoft Security Response Center, which security teams should consult for official patch availability and recommended actions. The current and peak EPSS scores for the vulnerability both stand at 0.5933.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-27983
Vulnerability details
Microsoft SharePoint Server Information Disclosure Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.