CVE-2024-49064XML External Entity (XXE) Injection in Microsoft Sharepoint Enterprise Server 2016

CWE-611XML External Entity (XXE) Injection4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Sharepoint Enterprise Server 2016Microsoft Sharepoint Server 2019Microsoft Sharepoint Server Subscription Edition+1 more
Timeline
PublishedDec 12

Description

Microsoft SharePoint Information Disclosure Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5microsoft/microsoft_sharepoint_server_201916.0.016.0.10416.20026
CVEListV5microsoft/microsoft_sharepoint_enterprise_server_201616.0.016.0.5478.1000
CVEListV5microsoft/microsoft_sharepoint_server_subscription_edition16.0.016.0.17928.20290
NVDmicrosoft/sharepoint_server2016, 2019+1

🔴Vulnerability Details

2
GHSA
GHSA-2gwv-p3pp-2hvm: Microsoft SharePoint Information Disclosure Vulnerability2024-12-12
CVEList
Microsoft SharePoint Information Disclosure Vulnerability2024-12-10

📋Vendor Advisories

1
Microsoft
Microsoft SharePoint Information Disclosure Vulnerability2024-12-10
CVE-2024-49064 — XML External Entity (XXE) Injection | cvebase