CVE-2024-26251 (GCVE-0-2024-26251)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| Vendor | Product | Version |
|---|---|---|
| Microsoft | Microsoft SharePoint Server 2019 | Affected: 16.0.0 , < 16.0.10409.20027 (custom) |
| Microsoft | Microsoft SharePoint Server Subscription Edition | Affected: 16.0.0 , < 16.0.17328.20246 (custom) |
| Microsoft | Microsoft SharePoint Server 2016 | Affected: 16.0.0.0 , < 16.0.5443.1000 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T19:53:01.492232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T15:26:20.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:18.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft SharePoint Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10409.20027",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.17328.20246",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft SharePoint Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5443.1000",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10409.20027",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.17328.20246",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5443.1000",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SharePoint Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:40:07.915Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-26251",
"datePublished": "2024-04-09T17:01:07.168Z",
"dateReserved": "2024-02-15T00:57:49.362Z",
"dateUpdated": "2025-05-03T00:40:07.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-26251",
"date": "2026-05-28",
"epss": "0.00393",
"percentile": "0.60507"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\", \"versionEndExcluding\": \"16.0.17328.20246\", \"matchCriteriaId\": \"746929A1-E97A-42EB-84E2-9E1666F066A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B850873B-E635-439C-9720-8BBE59120EE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft SharePoint Server Spoofing Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de suplantaci\\u00f3n de identidad de Microsoft SharePoint Server\"}]",
"id": "CVE-2024-26251",
"lastModified": "2024-12-05T19:29:12.660",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 3.1, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 1.4}]}",
"published": "2024-04-09T17:15:46.523",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-26251\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-04-09T17:15:46.523\",\"lastModified\":\"2024-12-05T19:29:12.660\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft SharePoint Server Spoofing Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de suplantaci\u00f3n de identidad de Microsoft SharePoint Server\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\",\"versionEndExcluding\":\"16.0.17328.20246\",\"matchCriteriaId\":\"746929A1-E97A-42EB-84E2-9E1666F066A8\"},{
\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B850873B-E635-439C-9720-8BBE59120EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251\", \"name\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T00:07:18.981Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26251\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-10T19:53:01.492232Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-05T15:26:18.093Z\"}}], \"cna\": {\"title\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.10409.20027\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server Subscription Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0\", \"lessThan\": \"16.0.17328.20246\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft SharePoint Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"16.0.0.0\", \"lessThan\": 
\"16.0.5443.1000\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2024-04-09T07:00:00+00:00\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251\", \"name\": \"Microsoft SharePoint Server Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft SharePoint Server Spoofing Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.10409.20027\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.17328.20246\", \"versionStartIncluding\": \"16.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"16.0.5443.1000\", \"versionStartIncluding\": \"16.0.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2024-12-31T19:18:27.954Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-26251\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-31T19:18:27.954Z\", \"dateReserved\": \"2024-02-15T00:57:49.362Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2024-04-09T17:01:07.168Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0292
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 versions antérieures à 17.4.18 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2110.4 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server sur Linux versions antérieures à 17.10.6.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.9 versions antérieures à 17.9.6 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 25) versions antérieures à 15.0.4360.2 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server sur MacOS versions antérieures à 17.10.6.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (inclut les versions 16.0 à 16.10) versions antérieures à 16.11.35 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server versions antérieures à 18.7.0002.0 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10409.20027 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 12) versions antérieures à 16.0.4120.1 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17328.20246 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server versions antérieures à 19.3.0003.0 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2016 versions antérieures à 16.0.5443.1000 | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server sur MacOS versions antérieures à 18.3.3.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1115.1 | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server sur Linux versions antérieures à 18.3.3.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 versions antérieures à 17.6.14 | ||
| Microsoft | N/A | Microsoft Defender pour IoT versions antérieures à 24.1.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 versions antérieures à 17.8.9 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Visual Studio 2022 version 17.4 versions ant\u00e9rieures \u00e0 17.4.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2110.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server sur Linux versions ant\u00e9rieures \u00e0 17.10.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.9 versions ant\u00e9rieures \u00e0 17.9.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 25) versions ant\u00e9rieures \u00e0 15.0.4360.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server sur MacOS versions ant\u00e9rieures \u00e0 17.10.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (inclut les versions 16.0 \u00e0 16.10) versions ant\u00e9rieures \u00e0 16.11.35",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server versions ant\u00e9rieures \u00e0 18.7.0002.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10409.20027",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 12) versions ant\u00e9rieures \u00e0 16.0.4120.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17328.20246",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server versions ant\u00e9rieures \u00e0 19.3.0003.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2016 versions ant\u00e9rieures \u00e0 16.0.5443.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server sur MacOS versions ant\u00e9rieures \u00e0 18.3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1115.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server sur Linux versions ant\u00e9rieures \u00e0 18.3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6 versions ant\u00e9rieures \u00e0 17.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT versions ant\u00e9rieures \u00e0 24.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 versions ant\u00e9rieures \u00e0 17.8.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-29053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29053"
},
{
"name": "CVE-2024-29983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29983"
},
{
"name": "CVE-2024-28906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28906"
},
{
"name": "CVE-2024-28914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28914"
},
{
"name": "CVE-2024-28908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28908"
},
{
"name": "CVE-2024-28933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28933"
},
{
"name": "CVE-2024-28941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28941"
},
{
"name": "CVE-2024-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29046"
},
{
"name": "CVE-2024-28944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28944"
},
{
"name": "CVE-2024-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29054"
},
{
"name": "CVE-2024-28915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28915"
},
{
"name": "CVE-2024-21324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21324"
},
{
"name": "CVE-2024-28932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28932"
},
{
"name": "CVE-2024-29048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29048"
},
{
"name": "CVE-2024-29044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29044"
},
{
"name": "CVE-2024-29055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29055"
},
{
"name": "CVE-2024-29043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29043"
},
{
"name": "CVE-2024-29985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29985"
},
{
"name": "CVE-2024-28935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28935"
},
{
"name": "CVE-2024-28939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28939"
},
{
"name": "CVE-2024-28930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28930"
},
{
"name": "CVE-2024-28911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28911"
},
{
"name": "CVE-2024-28943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28943"
},
{
"name": "CVE-2024-29047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29047"
},
{
"name": "CVE-2024-28934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28934"
},
{
"name": "CVE-2024-28940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28940"
},
{
"name": "CVE-2024-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28942"
},
{
"name": "CVE-2024-28936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28936"
},
{
"name": "CVE-2024-28913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28913"
},
{
"name": "CVE-2024-21323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21323"
},
{
"name": "CVE-2024-28909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28909"
},
{
"name": "CVE-2024-28938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28938"
},
{
"name": "CVE-2024-28929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28929"
},
{
"name": "CVE-2024-28926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28926"
},
{
"name": "CVE-2024-21322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21322"
},
{
"name": "CVE-2024-28931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28931"
},
{
"name": "CVE-2024-29984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29984"
},
{
"name": "CVE-2024-29045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29045"
},
{
"name": "CVE-2024-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21409"
},
{
"name": "CVE-2024-28927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28927"
},
{
"name": "CVE-2024-28910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28910"
},
{
"name": "CVE-2024-28912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28912"
},
{
"name": "CVE-2024-28937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28937"
},
{
"name": "CVE-2024-26251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26251"
},
{
"name": "CVE-2024-28945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28945"
},
{
"name": "CVE-2024-29982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29982"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28936 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28941 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29054 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28945 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29047 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28942 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28940 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28929 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21324 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26251 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28930 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28908 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28912 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21323 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28937 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28932 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28915 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29046 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29985 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28938 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28910 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29055 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29044 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28939 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28933 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21322 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28909 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29983 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29984 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29045 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29053 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28911 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28913 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28906 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28934 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21409 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28931 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28944 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28914 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28943 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29982 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29043 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28935 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28927 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28926 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29048 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048"
}
],
"reference": "CERTFR-2024-AVI-0292",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft les produits Microsoft du 09 avril 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0292
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 versions antérieures à 17.4.18 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2110.4 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server sur Linux versions antérieures à 17.10.6.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.9 versions antérieures à 17.9.6 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 25) versions antérieures à 15.0.4360.2 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server sur MacOS versions antérieures à 17.10.6.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (inclut les versions 16.0 à 16.10) versions antérieures à 16.11.35 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server versions antérieures à 18.7.0002.0 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10409.20027 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 12) versions antérieures à 16.0.4120.1 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17328.20246 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server versions antérieures à 19.3.0003.0 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2016 versions antérieures à 16.0.5443.1000 | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server sur MacOS versions antérieures à 18.3.3.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1115.1 | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server sur Linux versions antérieures à 18.3.3.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 versions antérieures à 17.6.14 | ||
| Microsoft | N/A | Microsoft Defender pour IoT versions antérieures à 24.1.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 versions antérieures à 17.8.9 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Visual Studio 2022 version 17.4 versions ant\u00e9rieures \u00e0 17.4.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2110.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server sur Linux versions ant\u00e9rieures \u00e0 17.10.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.9 versions ant\u00e9rieures \u00e0 17.9.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 25) versions ant\u00e9rieures \u00e0 15.0.4360.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server sur MacOS versions ant\u00e9rieures \u00e0 17.10.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (inclut les versions 16.0 \u00e0 16.10) versions ant\u00e9rieures \u00e0 16.11.35",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server versions ant\u00e9rieures \u00e0 18.7.0002.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10409.20027",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 12) versions ant\u00e9rieures \u00e0 16.0.4120.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17328.20246",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server versions ant\u00e9rieures \u00e0 19.3.0003.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2016 versions ant\u00e9rieures \u00e0 16.0.5443.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server sur MacOS versions ant\u00e9rieures \u00e0 18.3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1115.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server sur Linux versions ant\u00e9rieures \u00e0 18.3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6 versions ant\u00e9rieures \u00e0 17.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT versions ant\u00e9rieures \u00e0 24.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 versions ant\u00e9rieures \u00e0 17.8.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-29053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29053"
},
{
"name": "CVE-2024-29983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29983"
},
{
"name": "CVE-2024-28906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28906"
},
{
"name": "CVE-2024-28914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28914"
},
{
"name": "CVE-2024-28908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28908"
},
{
"name": "CVE-2024-28933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28933"
},
{
"name": "CVE-2024-28941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28941"
},
{
"name": "CVE-2024-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29046"
},
{
"name": "CVE-2024-28944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28944"
},
{
"name": "CVE-2024-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29054"
},
{
"name": "CVE-2024-28915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28915"
},
{
"name": "CVE-2024-21324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21324"
},
{
"name": "CVE-2024-28932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28932"
},
{
"name": "CVE-2024-29048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29048"
},
{
"name": "CVE-2024-29044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29044"
},
{
"name": "CVE-2024-29055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29055"
},
{
"name": "CVE-2024-29043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29043"
},
{
"name": "CVE-2024-29985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29985"
},
{
"name": "CVE-2024-28935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28935"
},
{
"name": "CVE-2024-28939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28939"
},
{
"name": "CVE-2024-28930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28930"
},
{
"name": "CVE-2024-28911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28911"
},
{
"name": "CVE-2024-28943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28943"
},
{
"name": "CVE-2024-29047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29047"
},
{
"name": "CVE-2024-28934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28934"
},
{
"name": "CVE-2024-28940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28940"
},
{
"name": "CVE-2024-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28942"
},
{
"name": "CVE-2024-28936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28936"
},
{
"name": "CVE-2024-28913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28913"
},
{
"name": "CVE-2024-21323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21323"
},
{
"name": "CVE-2024-28909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28909"
},
{
"name": "CVE-2024-28938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28938"
},
{
"name": "CVE-2024-28929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28929"
},
{
"name": "CVE-2024-28926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28926"
},
{
"name": "CVE-2024-21322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21322"
},
{
"name": "CVE-2024-28931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28931"
},
{
"name": "CVE-2024-29984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29984"
},
{
"name": "CVE-2024-29045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29045"
},
{
"name": "CVE-2024-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21409"
},
{
"name": "CVE-2024-28927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28927"
},
{
"name": "CVE-2024-28910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28910"
},
{
"name": "CVE-2024-28912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28912"
},
{
"name": "CVE-2024-28937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28937"
},
{
"name": "CVE-2024-26251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26251"
},
{
"name": "CVE-2024-28945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28945"
},
{
"name": "CVE-2024-29982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29982"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28936 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28941 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29054 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28945 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29047 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28942 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28940 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28929 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21324 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26251 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28930 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28908 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28912 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21323 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28937 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28932 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28915 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29046 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29985 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28938 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28910 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29055 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29044 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28939 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28933 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21322 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28909 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29983 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29984 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29045 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29053 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28911 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28913 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28906 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28934 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21409 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28931 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28944 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28914 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28943 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29982 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29043 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28935 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28927 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28926 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29048 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048"
}
],
"reference": "CERTFR-2024-AVI-0292",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft les produits Microsoft du 09 avril 2024",
"url": null
}
]
}
BDU:2024-05507
Vulnerability from fstec - Published: 09.04.2024
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Microsoft SharePoint Server 2016), - (Microsoft SharePoint Server 2019), - (Microsoft SharePoint Server Subscription Edition)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.07.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.07.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-05507",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-26251",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft SharePoint Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft SharePoint Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b (\u0438\u043b\u0438 \\\u00ab\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0441\u0446\u0435\u043d\u0430\u0440\u043d\u0430\u044f \u0430\u0442\u0430\u043a\u0430\\\u00bb) (CWE-79)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft SharePoint Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-79",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)"
}
CNVD-2024-39676
Vulnerability from cnvd - Published: 2024-10-01
厂商已发布了漏洞修复程序,请及时关注更新: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251
| Name | ['Microsoft SharePoint Server 2016', 'Microsoft SharePoint Server 2019 null', 'Microsoft SharePoint Server Subscription Edition'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-26251",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-26251"
}
},
"description": "Microsoft SharePoint Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u5bf9\u4e1a\u52a1\u4fe1\u606f\u8fdb\u884c\u6574\u5408\uff0c\u5e76\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u3001\u4e0e\u4ed6\u4eba\u534f\u540c\u5de5\u4f5c\u3001\u7ec4\u7ec7\u9879\u76ee\u548c\u5de5\u4f5c\u7ec4\u3001\u641c\u7d22\u4eba\u5458\u548c\u4fe1\u606f\u3002\n\nMicrosoft SharePoint Server\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-39676",
"openTime": "2024-10-01",
"patchDescription": "Microsoft SharePoint Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u5bf9\u4e1a\u52a1\u4fe1\u606f\u8fdb\u884c\u6574\u5408\uff0c\u5e76\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u3001\u4e0e\u4ed6\u4eba\u534f\u540c\u5de5\u4f5c\u3001\u7ec4\u7ec7\u9879\u76ee\u548c\u5de5\u4f5c\u7ec4\u3001\u641c\u7d22\u4eba\u5458\u548c\u4fe1\u606f\u3002\r\n\r\nMicrosoft SharePoint Server\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft SharePoint Server\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2024-39676\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Microsoft SharePoint Server 2016",
"Microsoft SharePoint Server 2019 null",
"Microsoft SharePoint Server Subscription Edition"
]
},
"referenceLink": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251",
"serverity": "\u9ad8",
"submitTime": "2024-04-11",
"title": "Microsoft SharePoint Server\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2024-39676\uff09"
}
FKIE_CVE-2024-26251
Vulnerability from fkie_nvd - Published: 2024-04-09 17:15 - Updated: 2024-12-05 19:29
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | * | |
| microsoft | sharepoint_server | 2016 | |
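| microsoft | sharepoint_server | 2019 | |

Note: in the record below, the 2016 and 2019 CPE entries carry no versionEndExcluding bound, unlike the Subscription Edition entry, so CPE matching alone does not distinguish patched builds; the fixed builds appear in the vendor data on this page (16.0.5443.1000 for 2016, 16.0.10409.20027 for 2019).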
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"matchCriteriaId": "746929A1-E97A-42EB-84E2-9E1666F066A8",
"versionEndExcluding": "16.0.17328.20246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "B850873B-E635-439C-9720-8BBE59120EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad de Microsoft SharePoint Server"
}
],
"id": "CVE-2024-26251",
"lastModified": "2024-12-05T19:29:12.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:46.523",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-HW4F-Q5QF-MR8M
Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30
Microsoft SharePoint Server Spoofing Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26251"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T17:15:46Z",
"severity": "MODERATE"
},
"details": "Microsoft SharePoint Server Spoofing Vulnerability",
"id": "GHSA-hw4f-q5qf-mr8m",
"modified": "2024-04-09T18:30:26Z",
"published": "2024-04-09T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26251"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2024-26251
Vulnerability from gsd - Updated: 2024-02-15 06:02
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-26251"
],
"details": "Microsoft SharePoint Server Spoofing Vulnerability",
"id": "GSD-2024-26251",
"modified": "2024-02-15T06:02:25.146116Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2024-26251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Server 2019",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.0.0",
"version_value": "16.0.10409.20027"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server Subscription Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.0.0",
"version_value": "16.0.17328.20246"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server 2016",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.0.0.0",
"version_value": "16.0.5443.1000"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SharePoint Server Spoofing Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-79",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "Microsoft SharePoint Server Spoofing Vulnerability"
}
],
"id": "CVE-2024-26251",
"lastModified": "2024-04-10T13:24:00.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-04-09T17:15:46.523",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
}
}
}
MSRC_CVE-2024-26251
Vulnerability from csaf_microsoft - Published: 2024-04-09 07:00 - Updated: 2024-04-09 07:00

Fixed versions (product_status "fixed" in the record below):

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Microsoft SharePoint Server 2016 16.0.5443.1000<br>Microsoft SharePoint Server 2016 | | 16.0.5443.1000 | |
| Microsoft SharePoint Server 2019 16.0.10409.20027<br>Microsoft SharePoint Server 2019 | | 16.0.10409.20027 | |
| Microsoft SharePoint Server Subscription Edition 16.0.17328.20246<br>Microsoft SharePoint Server Subscription Edition | | 16.0.17328.20246 | |
Known affected versions (product_status "known_affected" in the record below):

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Microsoft SharePoint Server Subscription Edition <16.0.17328.20246<br>Microsoft SharePoint Server Subscription Edition | | <16.0.17328.20246 | Vendor Fix<br>fix |
| Microsoft SharePoint Server 2019 <16.0.10409.20027<br>Microsoft SharePoint Server 2019 | | <16.0.10409.20027 | Vendor Fix<br>fix |
| Microsoft SharePoint Server 2016 <16.0.5443.1000<br>Microsoft SharePoint Server 2016 | | <16.0.5443.1000 | Vendor Fix<br>fix |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2024/m… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2024/m… | self |
{
"document": {
"acknowledgments": [
{
"names": [
"\u003ca href=\"https://github.com/kaje11\"\u003eKajetan Rostojek\u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26251 Microsoft SharePoint Server Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
},
{
"category": "self",
"summary": "CVE-2024-26251 Microsoft SharePoint Server Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-26251.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability",
"tracking": {
"current_release_date": "2024-04-09T07:00:00.000Z",
"generator": {
"date": "2025-05-03T00:39:01.604Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-26251",
"initial_release_date": "2024-04-09T07:00:00.000Z",
"revision_history": [
{
"date": "2024-04-09T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.10409.20027",
"product": {
"name": "Microsoft SharePoint Server 2019 \u003c16.0.10409.20027",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "16.0.10409.20027",
"product": {
"name": "Microsoft SharePoint Server 2019 16.0.10409.20027",
"product_id": "11585"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server 2019"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.17328.20246",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition \u003c16.0.17328.20246",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "16.0.17328.20246",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition 16.0.17328.20246",
"product_id": "11961"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server Subscription Edition"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c16.0.5443.1000",
"product": {
"name": "Microsoft SharePoint Server 2016 \u003c16.0.5443.1000",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "16.0.5443.1000",
"product": {
"name": "Microsoft SharePoint Server 2016 16.0.5443.1000",
"product_id": "10917"
}
}
],
"category": "product_name",
"name": "Microsoft SharePoint Server 2016"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-26251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "The user would have to click on a specially crafted URL to be compromised by the attacker.",
"title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
},
{
"category": "faq",
"text": "Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token.",
"title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
}
],
"product_status": {
"fixed": [
"10917",
"11585",
"11961"
],
"known_affected": [
"1",
"2",
"3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26251 Microsoft SharePoint Server Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
},
{
"category": "self",
"summary": "CVE-2024-26251 Microsoft SharePoint Server Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-26251.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-04-09T07:00:00.000Z",
"details": "16.0.10409.20027:Security Update:https://support.microsoft.com/help/5002580",
"product_ids": [
"2"
],
"url": "https://support.microsoft.com/help/5002580"
},
{
"category": "vendor_fix",
"date": "2024-04-09T07:00:00.000Z",
"details": "16.0.17328.20246:Security Update:https://support.microsoft.com/help/5002581",
"product_ids": [
"1"
],
"url": "https://support.microsoft.com/help/5002581"
},
{
"category": "vendor_fix",
"date": "2024-04-09T07:00:00.000Z",
"details": "16.0.5443.1000:Security Update:https://support.microsoft.com/help/5002583",
"product_ids": [
"3"
],
"url": "https://support.microsoft.com/help/5002583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Spoofing"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Microsoft SharePoint Server Spoofing Vulnerability"
}
]
}
WID-SEC-W-2024-0843
Vulnerability from csaf_certbund - Published: 2024-04-09 22:00 - Updated: 2024-04-09 22:00

(Bundled advisory: the record below applies the same description to CVE-2024-20670, CVE-2024-26251 and CVE-2024-26257, so the code-execution impact it mentions is not attributed to CVE-2024-26251 specifically.)

Es bestehen mehrere Schwachstellen in Microsoft 365 Apps, Microsoft Office, Microsoft SharePoint, Microsoft SharePoint Server 2016 und Microsoft SharePoint Server 2019. Diese werden von Microsoft nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Cross-Site-Scripting (XSS)-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Microsoft SharePoint Server Subscription Edition<br>Microsoft / SharePoint | cpe:/a:microsoft:sharepoint:server_subscription_edition | Server Subscription Edition | |
| Microsoft Office LTSC for Mac 2021<br>Microsoft / Office | cpe:/a:microsoft:office:ltsc_for_mac_2021 | LTSC for Mac 2021 | |
| Microsoft SharePoint Server 2019<br>Microsoft | cpe:/a:microsoft:sharepoint_server_2019:- | — | |
| Microsoft SharePoint Server 2016<br>Microsoft | cpe:/a:microsoft:sharepoint_server_2016:- | — | |
| Microsoft 365 Apps<br>Microsoft | cpe:/a:microsoft:365_apps:word | — | |
Es bestehen mehrere Schwachstellen in Microsoft 365 Apps, Microsoft Office, Microsoft SharePoint, Microsoft SharePoint Server 2016 und Microsoft SharePoint Server 2019. Diese werden von Microsoft nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Cross-Site-Scripting (XSS)-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Microsoft SharePoint Server Subscription Edition<br>Microsoft / SharePoint | cpe:/a:microsoft:sharepoint:server_subscription_edition | Server Subscription Edition | |
| Microsoft Office LTSC for Mac 2021<br>Microsoft / Office | cpe:/a:microsoft:office:ltsc_for_mac_2021 | LTSC for Mac 2021 | |
| Microsoft SharePoint Server 2019<br>Microsoft | cpe:/a:microsoft:sharepoint_server_2019:- | — | |
| Microsoft SharePoint Server 2016<br>Microsoft | cpe:/a:microsoft:sharepoint_server_2016:- | — | |
| Microsoft 365 Apps<br>Microsoft | cpe:/a:microsoft:365_apps:word | — | |
Es bestehen mehrere Schwachstellen in Microsoft 365 Apps, Microsoft Office, Microsoft SharePoint, Microsoft SharePoint Server 2016 und Microsoft SharePoint Server 2019. Diese werden von Microsoft nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Cross-Site-Scripting (XSS)-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Microsoft SharePoint Server Subscription Edition<br>Microsoft / SharePoint | cpe:/a:microsoft:sharepoint:server_subscription_edition | Server Subscription Edition | |
| Microsoft Office LTSC for Mac 2021<br>Microsoft / Office | cpe:/a:microsoft:office:ltsc_for_mac_2021 | LTSC for Mac 2021 | |
| Microsoft SharePoint Server 2019<br>Microsoft | cpe:/a:microsoft:sharepoint_server_2019:- | — | |
| Microsoft SharePoint Server 2016<br>Microsoft | cpe:/a:microsoft:sharepoint_server_2016:- | — | |
| Microsoft 365 Apps<br>Microsoft | cpe:/a:microsoft:365_apps:word | — | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Microsoft 365 Apps ist eine Office Suite f\u00fcr zahlreiche B\u00fcroanwendungen.\r\nDie Microsoft Office Suite beinhaltet zahlreiche B\u00fcroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.\r\nMicrosoft Sharepoint Services ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u.a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.\r\nMicrosoft Sharepoint ist ein Portalsystem f\u00fcr die zentrale Verwaltung von Dokumenten und Anwendungen. Die Inhalte werden u. a. \u00fcber Webseiten zur Verf\u00fcgung gestellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft 365 Apps, Microsoft Office, Microsoft SharePoint, Microsoft SharePoint Server 2016 und Microsoft SharePoint Server 2019 ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0843 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0843.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0843 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0843"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2024-04-09",
"url": "https://msrc.microsoft.com/update-guide"
}
],
"source_lang": "en-US",
"title": "Microsoft Office: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-04-09T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:07:31.741+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0843",
"initial_release_date": "2024-04-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-04-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft 365 Apps",
"product": {
"name": "Microsoft 365 Apps",
"product_id": "T016696",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:365_apps:word"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "LTSC for Mac 2021",
"product": {
"name": "Microsoft Office LTSC for Mac 2021",
"product_id": "T020985",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:office:ltsc_for_mac_2021"
}
}
}
],
"category": "product_name",
"name": "Office"
},
{
"branches": [
{
"category": "product_version",
"name": "Server Subscription Edition",
"product": {
"name": "Microsoft SharePoint Server Subscription Edition",
"product_id": "T021526",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint:server_subscription_edition"
}
}
}
],
"category": "product_name",
"name": "SharePoint"
},
{
"category": "product_name",
"name": "Microsoft SharePoint Server 2016",
"product": {
"name": "Microsoft SharePoint Server 2016",
"product_id": "T014520",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint_server_2016:-"
}
}
},
{
"category": "product_name",
"name": "Microsoft SharePoint Server 2019",
"product": {
"name": "Microsoft SharePoint Server 2019",
"product_id": "T014523",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:sharepoint_server_2019:-"
}
}
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-20670",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft 365 Apps, Microsoft Office, Microsoft SharePoint, Microsoft SharePoint Server 2016 und Microsoft SharePoint Server 2019. Diese werden von Microsoft nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Cross-Site-Scripting (XSS)-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T021526",
"T020985",
"T014523",
"T014520",
"T016696"
]
},
"release_date": "2024-04-09T22:00:00.000+00:00",
"title": "CVE-2024-20670"
},
{
"cve": "CVE-2024-26251",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft 365 Apps, Microsoft Office, Microsoft SharePoint, Microsoft SharePoint Server 2016 und Microsoft SharePoint Server 2019. Diese werden von Microsoft nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Cross-Site-Scripting (XSS)-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T021526",
"T020985",
"T014523",
"T014520",
"T016696"
]
},
"release_date": "2024-04-09T22:00:00.000+00:00",
"title": "CVE-2024-26251"
},
{
"cve": "CVE-2024-26257",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Microsoft 365 Apps, Microsoft Office, Microsoft SharePoint, Microsoft SharePoint Server 2016 und Microsoft SharePoint Server 2019. Diese werden von Microsoft nicht im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Cross-Site-Scripting (XSS)-Angriff durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T021526",
"T020985",
"T014523",
"T014520",
"T016696"
]
},
"release_date": "2024-04-09T22:00:00.000+00:00",
"title": "CVE-2024-26257"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.