Login Sign Up

CVE-2024-30100

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability in Microsoft SharePoint Server allows authenticated attackers to execute arbitrary code remotely by uploading specially crafted files. It affects organizations running vulnerable SharePoint Server versions, potentially compromising entire SharePoint environments.

💻 Affected Systems

Products:
  • Microsoft SharePoint Server
Versions: Specific versions as listed in Microsoft advisory
Operating Systems: Windows Server
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to SharePoint

📦 What is this software?

Sharepoint Server by Microsoft

View all CVEs affecting Sharepoint Server →

Sharepoint Server by Microsoft

View all CVEs affecting Sharepoint Server →

Sharepoint Server by Microsoft

View all CVEs affecting Sharepoint Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of SharePoint Server leading to data theft, lateral movement to other systems, and persistent backdoor installation.

🟠

Likely Case

Unauthorized access to sensitive SharePoint data, privilege escalation, and limited code execution within SharePoint context.

🟢

If Mitigated

Attack blocked at perimeter or detected before significant damage occurs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and file upload capability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific patch versions

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100

Restart Required: Yes

Instructions:

1. Download appropriate security update from Microsoft Update Catalog. 2. Apply patch to all SharePoint servers. 3. Restart SharePoint services. 4. Test functionality.

🔧 Temporary Workarounds

Restrict file upload permissions

all

Limit file upload capabilities to trusted users only

Implement file type filtering

all

Block suspicious file types from being uploaded to SharePoint

🧯 If You Can't Patch

  • Isolate SharePoint servers from internet access
  • Implement strict access controls and monitor for suspicious file uploads

🔍 How to Verify

Check if Vulnerable:

Check SharePoint Server version against Microsoft advisory

Check Version:

Get-SPFarm | Select BuildVersion

Verify Fix Applied:

Verify patch installation via Windows Update history or version check

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns
  • Suspicious PowerShell execution from SharePoint context
  • Failed authentication attempts followed by successful uploads

Network Indicators:

  • Unexpected outbound connections from SharePoint servers
  • Large file uploads to SharePoint

SIEM Query:

source="sharepoint" AND (event="FileUpload" OR event="PowerShellExecution") | stats count by user, filename

📊 Metadata

CVE ID: CVE-2024-30100
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-426
Published: June 11, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-30100, you might also want to check these:

CVE-2023-30330 9.8

SoftExpert Excellence Suite 2.x versions before 2.1.3 contain a Local File Inclusion vulnerability i...

Same vulnerability type (CWE-426)
CVE-2025-26155 9.8

This CVE describes an Untrusted Search Path vulnerability in NCP VPN clients that allows attackers t...

Same vulnerability type (CWE-426)
CVE-2022-26184 9.8

CVE-2022-26184 is an untrusted search path vulnerability in Poetry package manager versions 1.1.9 an...

Same vulnerability type (CWE-426)