Platform
sharepoint
Component
microsoft-sharepoint-server
Fixed versions
16.0.5456.1000
16.0.10412.20001
16.0.17328.20424
CVE-2024-32987 is an Information Disclosure vulnerability affecting Microsoft SharePoint Server. This vulnerability allows an attacker to potentially access sensitive information within the SharePoint environment. It impacts versions 16.0.0 through 16.0.17328.20424. A security update has been released to address this issue.
Successful exploitation of CVE-2024-32987 could allow an attacker to gain unauthorized access to sensitive data stored within a SharePoint Server instance. The specific data exposed depends on the SharePoint configuration and permissions, but could include user credentials, internal documents, or other confidential information. This could lead to data breaches, reputational damage, and potential regulatory fines. While the vulnerability description doesn't detail a specific attack vector, the potential for information leakage makes it a significant security concern.
CVE-2024-32987 was publicly disclosed on July 9, 2024. As of this date, there are no publicly available proof-of-concept exploits. The vulnerability’s severity is rated HIGH (CVSS 7.5), indicating a moderate probability of exploitation. It is not currently listed on the CISA KEV catalog. Active campaigns targeting this vulnerability are not currently known.
Organizations heavily reliant on Microsoft SharePoint Server for document management and collaboration are at significant risk. Specifically, deployments with weak access controls or those storing sensitive data within SharePoint are particularly vulnerable. Environments that have not been regularly patched or updated are also at increased risk.
• windows / sharepoint:
Get-SPOSite -Limit 1000 | Select-Object URL, Title, Owner
• generic web:
curl -I https://<sharepoint_url>/_layouts/15/settings.php
• generic web:
grep -i "SharePoint Server" /var/log/apache2/access.log
Exploitation status
EPSS
3.74% (88th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-32987 is to upgrade Microsoft SharePoint Server to version 16.0.17328.20424 or later. Before applying the update, it's recommended to review Microsoft's documentation for any potential compatibility issues or breaking changes. Consider testing the update in a non-production environment first. If immediate patching is not possible, review SharePoint permissions and access controls to minimize the potential impact of a successful attack. Implement network segmentation to limit access to SharePoint servers. After the upgrade, verify the fix by attempting to reproduce the vulnerability using known attack patterns (if available) or by reviewing SharePoint logs for any suspicious activity.
Update Microsoft SharePoint Server to version 16.0.5456.1000, 16.0.10412.20001, or 16.0.17328.20424, or later, depending on your installation. See the Microsoft security advisory for more details and instructions.
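The fixed build differs by installation, so comparing every farm against 16.0.17328.20424 alone would flag an installation already at 16.0.5456.1000 as unpatched. The following added example (not from the original page or from Microsoft) picks the matching fixed build first; the boundaries 10000 and 14000 on the third version component, the helper names and the sample inventory are assumptions of the example.

```python
# Added example: branch-aware patch check for CVE-2024-32987. Fixed builds are
# from this page; the branch boundaries (10000, 14000) are assumptions.
FIXED_BUILDS = [
    # (exclusive upper bound on third component, fixed build for that branch)
    (10000, (16, 0, 5456, 1000)),
    (14000, (16, 0, 10412, 20001)),
    (None, (16, 0, 17328, 20424)),
]

def parse_build(text):
    """Turn '16.0.10412.20001' into a tuple of ints, rejecting anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)

def fixed_build_for(build):
    """Pick the fixed build of the branch this installation belongs to."""
    if build[:2] != (16, 0):
        raise ValueError(f"build {build} is outside the 16.0.x range on this page")
    for upper, fixed in FIXED_BUILDS:
        if upper is None or build[2] < upper:
            return fixed

def assess(text):
    """Return (status, fixed build string) for one reported build number."""
    build = parse_build(text)
    fixed = fixed_build_for(build)
    status = "patched" if build >= fixed else "needs update"
    return status, ".".join(str(n) for n in fixed)

# Constructed inventory: host names and build numbers are made up.
INVENTORY = {
    "sp-a": "16.0.5456.1000", "sp-b": "16.0.10411.20003",
    "sp-c": "16.0.17328.20292", "sp-d": "16.0.5456",
}

def triage(inventory):
    """Assess every host; unparseable builds are reported, not skipped."""
    results = {}
    for host, reported in inventory.items():
        try:
            results[host] = assess(reported)
        except ValueError as exc:
            results[host] = ("unknown", str(exc))
    return results

if __name__ == "__main__":
    for host, (status, detail) in triage(INVENTORY).items():
        print(f"{host}: {status} ({detail})")
```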
CVE-2024-32987 is a vulnerability in Microsoft SharePoint Server that could allow an attacker to access sensitive information. It has a CVSS score of 7.5 (HIGH) and affects versions 16.0.0–16.0.17328.20424.
If you are running Microsoft SharePoint Server versions 16.0.0 through 16.0.17328.20424, you are potentially affected by this vulnerability. Check your version and apply the security update.
The recommended fix is to upgrade to Microsoft SharePoint Server version 16.0.17328.20424 or later. Review Microsoft's documentation for upgrade instructions and potential compatibility issues.
As of July 9, 2024, there are no publicly known active exploitation campaigns targeting CVE-2024-32987, but the HIGH severity warrants prompt remediation.
Refer to the official Microsoft Security Update Guide for CVE-2024-32987: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987)