CVE-2024-32987

Severity: High

Published: 09 July 2024

Modified: 21 November 2024
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0374 (88.3rd percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-32987 is a high-severity SSRF (CWE-918) vulnerability in Microsoft SharePoint Server. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 11.7% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

Microsoft SharePoint Server contains an information disclosure vulnerability tracked as CVE-2024-32987. The flaw carries a CVSS 3.1 base score of 7.5 with an attack vector of network, low complexity, and no required privileges or user interaction, resulting in high impact to confidentiality. It is associated with CWE-918, indicating server-side request forgery behavior.

An unauthenticated attacker reachable over the network can send crafted requests that cause the SharePoint server to retrieve and expose internal or otherwise inaccessible resources. Successful exploitation yields disclosure of sensitive information without the need for credentials or user assistance.

The EPSS score started low after the July 2024 disclosure, rose to a peak of 0.0654 on 2025-12-18, and has since receded to 0.0374; the rise following publication indicates that exploitation interest increased once the flaw was public. Practitioners should consult the Microsoft Security Response Center advisory at the listed reference URL for official patch and mitigation guidance.

Vulnerability details

Microsoft SharePoint Server Information Disclosure Vulnerability

CWE(s): CWE-918 (Server-Side Request Forgery)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft SharePoint Server (2016, 2019, all versions)

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation. (addresses CWE-918)

Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact. (addresses CWE-918)

Validates server-side URLs and resource references to block SSRF attempts. (addresses CWE-918)

Detects server-side request forgery through monitoring of unexpected outbound connections. (addresses CWE-918)

References