CVE-2024-30043 — XML External Entity (XXE) Injection in Microsoft Sharepoint Enterprise Server 2016

Severity

7.5HIGHNVD

CNA6.5

EPSS

54.1%

top 1.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 14

Latest updateAug 22

Description

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

GHSA

GHSA-j424-2gw5-5mrv: Microsoft SharePoint Server Information Disclosure Vulnerability↗2024-05-14

▶

CVEList

Microsoft SharePoint Server Information Disclosure Vulnerability↗2024-05-14

▶

Suricata

ET HUNTING Microsoft Sharepoint SPXmlDataSource ASPX DataFile Fetch Inbound (CVE-2024-30043)↗2025-08-22

▶

Microsoft

Microsoft SharePoint Server Information Disclosure Vulnerability↗2024-05-14

▶

Trendmicro

CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud↗2024-05-30

▶

Trendmicro

CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud↗2024-05-30

▶