CVE-2024-32987
Published: 09 July 2024
Summary
CVE-2024-32987 is a high-severity SSRF (CWE-918) vulnerability in Microsoft SharePoint Server, which Microsoft catalogues as an information disclosure vulnerability. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 11.7% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Deeper analysis
Microsoft SharePoint Server contains an information disclosure vulnerability tracked as CVE-2024-32987. The flaw carries a CVSS 3.1 base score of 7.5: network attack vector, low attack complexity, no privileges required and no user interaction, with high impact to confidentiality and none to integrity or availability. It is classified under CWE-918, server-side request forgery.
An unauthenticated attacker with network access to the server can send crafted requests that cause SharePoint to issue server-side requests to internal or otherwise unreachable resources and return their content. Successful exploitation discloses sensitive information without credentials or user assistance.
The EPSS score started low after the July 2024 disclosure, rose to a peak of 0.0654 on 2025-12-18 and has since receded to 0.0374. A rise that long after public release indicates that exploitation interest increased over time, and even the current score leaves this CVE well above most others. Practitioners should consult the Microsoft Security Response Center advisory for CVE-2024-32987 for official patch and mitigation guidance.
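The generic weakness behind this CVE is a server fetching a URL it was handed without checking where that URL actually points. The following is an added example, not code from the original page and not Microsoft's or SharePoint's own logic: a server-side fetch guard that enforces a scheme allowlist, rejects userinfo tricks, applies an optional host allowlist, and then resolves the host and refuses any internal, loopback, link-local or cloud-metadata address. The host allowlist, the blocked-network table and the DNS answers (`FAKE_DNS`, standing in for `socket.getaddrinfo`) are constructed so the example runs offline.

```python
"""Guard a server-side fetch against SSRF: scheme allowlist, host allowlist, and a
resolve-then-check step so the server never connects to an internal address.
Added example; not part of the original page or of SharePoint."""
import ipaddress
from typing import Optional, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
DEFAULT_ALLOWED_HOSTS = frozenset({"files.example.com", "cdn.example.com"})  # hypothetical

# Ranges the server must never fetch from. Explicit networks are used instead of
# ipaddress.is_private because Python also flags the documentation ranges
# (203.0.113.0/24, 198.51.100.0/24) that stand in for public addresses below.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

# Constructed DNS answers so the example runs offline. In production replace
# resolve() with socket.getaddrinfo() and check every address it returns.
FAKE_DNS = {
    "files.example.com": "203.0.113.10",
    "cdn.example.com": "198.51.100.7",
    "localhost": "127.0.0.1",
    "intranet.example.net": "10.0.0.5",  # public-looking name, resolves inside the network
}


def is_internal(ip: str) -> bool:
    """True if the address falls in a blocked range (IPv4-mapped IPv6 is unwrapped first)."""
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.5 is still 10.0.0.5
    return any(addr in net for net in BLOCKED_NETWORKS)


def resolve(host: str) -> str:
    """Return one address for host: an IP literal as-is, otherwise the constructed table."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    raise ValueError(f"unresolvable host: {host}")


def validate_fetch_url(url: str,
                       allowed_hosts: Optional[frozenset] = DEFAULT_ALLOWED_HOSTS
                       ) -> Tuple[bool, str]:
    """Return (ok, detail). On success detail is the resolved IP the caller should connect
    to (pin it; do not resolve a second time), otherwise it is the reason for rejection."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username is not None or parts.password is not None:
        # http://files.example.com@10.0.0.5/ parses as user "files.example.com", host 10.0.0.5
        return False, "userinfo in URL not allowed"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "missing host"
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host not on allowlist: {host}"
    try:
        ip = resolve(host)
    except ValueError as exc:
        return False, str(exc)
    if is_internal(ip):
        return False, f"{host} resolves to internal address {ip}"
    return True, ip


if __name__ == "__main__":
    for u in ("https://files.example.com/report.pdf",
              "http://169.254.169.254/latest/meta-data/",
              "http://intranet.example.net/",
              "http://files.example.com@10.0.0.5/"):
        print(u, "->", validate_fetch_url(u, allowed_hosts=None))
```

The check is ordered so that cheap syntactic rejections come first and the resolved address is checked last; the caller should then connect to the returned IP with the original hostname in the Host header, which closes the window in which a second lookup could return a different (internal) answer. Redirects must go through the same function for every hop.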
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30732
Vulnerability details
Microsoft SharePoint Server Information Disclosure Vulnerability
- CWE(s): CWE-918 (Server-Side Request Forgery)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Penetration testing: attempt server-side requests to internal resources to identify SSRF weaknesses for remediation.
- Boundary protection: monitor and restrict outbound connections from the server at the network boundary, limiting what an SSRF can reach.
- Input validation: validate server-side URLs and resource references (scheme, host allowlist, resolved address) to block SSRF attempts.
- Network monitoring: detect server-side request forgery by alerting on unexpected outbound connections from the application server.
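The boundary-monitoring and detection controls above amount to one question: is the SharePoint web front-end opening connections it has no business opening? The following is an added example, not from the original page and not a SharePoint or Microsoft component: it parses constructed key=value firewall records, ignores hosts that are not the front-end, and flags three classes of egress in priority order: cloud metadata endpoints, internal destinations outside the tier's expected flows (SQL, directory), and external destinations not on the egress allowlist. The source address, network ranges, expected flows, allowlist and log lines are all hypothetical.

```python
"""Flag SSRF-style egress from a SharePoint web front-end in boundary firewall logs.
Added example; environment, flows and log lines are constructed."""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Hypothetical environment: the front-end we watch and the flows it legitimately needs.
MONITORED_SOURCES = {"10.20.0.15"}
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "169.254.0.0/16")]
EXPECTED_INTERNAL_FLOWS = {("10.20.0.50", 1433), ("10.20.0.60", 389)}  # SQL tier, directory
EGRESS_ALLOWLIST = {"203.0.113.10"}                                   # e.g. an update endpoint
CLOUD_METADATA = {"169.254.169.254", "fd00:ec2::254"}                 # IMDS addresses

KV = re.compile(r"(\w+)=(\S+)")

# Constructed firewall records (not real log output).
SAMPLE_LOG = [
    "ts=2024-07-10T12:00:01Z src=10.20.0.15 dst=10.20.0.50 dport=1433 action=allow",
    "ts=2024-07-10T12:00:02Z src=10.20.0.15 dst=203.0.113.10 dport=443 action=allow",
    "ts=2024-07-10T12:00:03Z src=10.20.0.15 dst=169.254.169.254 dport=80 action=allow",
    "ts=2024-07-10T12:00:04Z src=10.20.0.15 dst=10.20.0.77 dport=8080 action=deny",
    "ts=2024-07-10T12:00:05Z src=10.20.0.15 dst=198.51.100.200 dport=443 action=allow",
    "ts=2024-07-10T12:00:06Z src=10.20.0.99 dst=10.20.0.77 dport=8080 action=allow",
]


def parse_line(line: str) -> Dict[str, str]:
    """Parse a key=value firewall record into a dict."""
    return dict(KV.findall(line))


def classify(rec: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for a suspicious record, or None if it is expected."""
    if rec.get("src") not in MONITORED_SOURCES:
        return None
    dst, dport = rec.get("dst", ""), int(rec.get("dport", 0))
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return None  # malformed destination, nothing to classify
    if dst in CLOUD_METADATA:
        return "high", "request to cloud metadata endpoint"
    if any(addr in net for net in INTERNAL_NETWORKS):
        if (dst, dport) in EXPECTED_INTERNAL_FLOWS:
            return None
        return "high", "internal destination outside expected flows"
    if dst not in EGRESS_ALLOWLIST:
        return "medium", "external destination not on egress allowlist"
    return None


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run classify() over raw log lines and collect findings in log order.
    Denied attempts are kept: a blocked SSRF probe is still evidence of one."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        verdict = classify(rec)
        if verdict:
            findings.append({"ts": rec.get("ts"), "dst": rec["dst"], "dport": rec.get("dport"),
                             "action": rec.get("action"),
                             "severity": verdict[0], "reason": verdict[1]})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['severity']:6} {f['dst']}:{f['dport']} ({f['action']}) {f['reason']}")
```

The expected-flow table is what keeps this from being noise: a web front-end talking to its own SQL tier on 1433 is normal, the same host reaching an arbitrary internal port or the metadata service is not. The denied 10.20.0.77:8080 attempt still produces a finding, because a boundary rule that blocked the request has done its job but has not told anyone the application is being abused.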