|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-05-16 | |
| Rule Name: | Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-30044) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | SharePoint is a powerful collaboration platform that allows you to share and manage content, knowledge, and applications to enhance teamwork. An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted Sharepoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the Sharepoint Server. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044 |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044 |