
CVE-2024-32987: CWE-918: Server-Side Request Forgery (SSRF) in Microsoft SharePoint Enterprise Server 2016

Severity: High
Type: Vulnerability
Tags: cve, cve-2024-32987, cwe-918
Published: Tue Jul 09 2024 (07/09/2024, 17:02:40 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Microsoft SharePoint Enterprise Server 2016

Description

Microsoft SharePoint Server Information Disclosure Vulnerability

AI-Powered Analysis

Last updated: 10/14/2025, 22:56:47 UTC

Technical Analysis

CVE-2024-32987 is a Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918, affecting Microsoft SharePoint Enterprise Server 2016 (version 16.0.0). SSRF vulnerabilities occur when an attacker can manipulate a server to send crafted requests to internal or external systems, potentially bypassing firewall restrictions and accessing sensitive resources. In this case, the vulnerability allows unauthenticated remote attackers to induce SharePoint servers to make arbitrary HTTP requests. The CVSS v3.1 base score is 7.5, indicating a high severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is primarily on confidentiality (C:H), with no impact on integrity or availability. This means attackers can potentially retrieve sensitive information from internal systems or services accessible to the SharePoint server but cannot modify data or disrupt service availability. The vulnerability is exploitable remotely without authentication, increasing the risk profile. Although no known exploits are currently reported in the wild, the vulnerability's nature and the critical role of SharePoint in enterprise collaboration and document management make it a significant concern. The lack of available patches at the time of publication necessitates immediate attention to mitigation strategies. Given SharePoint's integration in many corporate environments, exploitation could lead to unauthorized disclosure of sensitive corporate data or internal network information, facilitating further attacks.

Potential Impact

For European organizations, the impact of CVE-2024-32987 can be substantial due to the widespread adoption of Microsoft SharePoint Enterprise Server 2016 in corporate, governmental, and educational institutions. The vulnerability enables attackers to bypass perimeter defenses by leveraging the SharePoint server as a proxy to access internal resources, potentially exposing confidential documents, internal APIs, or metadata. This can lead to data breaches, loss of intellectual property, and exposure of sensitive operational information. The confidentiality breach could also have regulatory implications under GDPR, leading to legal and financial penalties. Additionally, the information disclosed could be used to facilitate subsequent attacks such as lateral movement, privilege escalation, or targeted phishing campaigns. The absence of required authentication and user interaction lowers the barrier for exploitation, increasing the likelihood of attacks against vulnerable systems. The impact is heightened in sectors with critical infrastructure or sensitive data, such as finance, healthcare, and government agencies across Europe.

Mitigation Recommendations

1. Monitor Microsoft security advisories closely and apply official patches or updates for SharePoint Enterprise Server 2016 as soon as they are released.
2. In the absence of patches, implement network-level controls such as web application firewalls (WAFs) to detect and block suspicious SSRF patterns and anomalous outbound requests originating from SharePoint servers.
3. Restrict outbound HTTP/HTTPS traffic from SharePoint servers to only necessary internal and external endpoints using firewall rules or proxy configurations to limit the attack surface.
4. Conduct regular security audits and penetration testing focused on SSRF and related vulnerabilities within SharePoint environments.
5. Enable detailed logging and monitoring of SharePoint server network activity to detect unusual request patterns indicative of SSRF exploitation attempts.
6. Segment SharePoint servers within a secure network zone with limited access to sensitive internal resources to contain potential breaches.
7. Educate IT and security teams about SSRF risks and ensure incident response plans include scenarios involving SSRF exploitation.
8. Review and harden SharePoint configuration settings to minimize unnecessary exposure of internal services and metadata.
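Recommendations 3 and 5 can be combined into one check over egress logs. The following is an added example, not part of the original advisory or any Microsoft tooling: it reviews outbound connections sourced from SharePoint servers against a destination allowlist and labels everything else by address class. The server IP, allowlist entries, log format and sample records are all constructed assumptions.

```python
import ipaddress
import re

# Constructed assumptions and sample records, not values from the advisory.
SHAREPOINT_SERVERS = {"10.20.0.15"}
EGRESS_ALLOWLIST = {("10.20.0.30", 1433), ("10.20.0.5", 389)}  # database, directory
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) port=(?P<port>\d+)$")

SAMPLE_LOG = """\
2024-07-10T08:15:02Z src=10.20.0.15 dst=10.20.0.30 port=1433
2024-07-10T08:15:09Z src=10.20.0.15 dst=169.254.169.254 port=80
2024-07-10T08:15:11Z src=10.20.0.15 dst=127.0.0.1 port=8080
2024-07-10T08:15:14Z src=10.20.0.15 dst=10.50.7.21 port=8443
2024-07-10T08:15:20Z src=10.20.0.99 dst=10.50.7.21 port=8443
2024-07-10T08:15:31Z src=10.20.0.15 dst=203.0.113.40 port=443
malformed line
"""

def classify(dst):
    """Label a destination IP by the kind of network it sits in."""
    ip = ipaddress.ip_address(dst)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:  # checked before RFC 1918; covers 169.254.0.0/16
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "internal"
    return "external"

def review_egress(log_text):
    """Return (findings, skipped): non-allowlisted egress from SharePoint hosts."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count unparsable records so gaps in coverage are visible
            continue
        dst, port = m["dst"], int(m["port"])
        if m["src"] not in SHAREPOINT_SERVERS or (dst, port) in EGRESS_ALLOWLIST:
            continue
        try:
            kind = classify(dst)
        except ValueError:  # destination logged as a hostname or otherwise not an IP
            kind = "unparsed"
        findings.append((m["ts"], dst, port, kind))
    return findings, skipped

if __name__ == "__main__":
    print(review_egress(SAMPLE_LOG))
```

Explicit RFC 1918 ranges are used instead of `is_private` because Python's `ipaddress` also treats documentation ranges such as 203.0.113.0/24 as private, which would mislabel the external destination in the sample.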


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2024-04-22T18:16:31.979Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981dc4522896dcbdb5c2

Added to database: 5/21/2025, 9:08:45 AM

Last enriched: 10/14/2025, 10:56:47 PM

Last updated: 10/16/2025, 3:17:21 PM
