CVE-2024-26251: Microsoft SharePoint Server Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.8)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Apr

Released

2024-04-09

EPSS Score

0.39% (percentile: 60.3%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token.

Affected Products (3)

Microsoft Office

• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft SharePoint Server 2016

Security Updates (3)

• 5002580
• 5002581
• 5002583

Acknowledgments

<a href="https://github.com/kaje11">Kajetan Rostojek</a>

Revision History

• 2024-04-09: Information published.