WEB Microsoft SharePoint Server Business Data Connectivity FindFiltered Unsafe Reflection -3 (CVE-2024-38024)
Rule ID
1235461
Severity
High
Description
An unsafe reflection vulnerability has been reported in the Business Data Connectivity service of Microsoft SharePoint Server. This vulnerability is due to insufficient input validation of the parameters sent to the FindFiltered method of an Entity object of a Line-of-Business (LOB) system instance. A remote, authenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in the execution of code in the security context of the server process.
Impact
Remote code execution
Recommendation
Apply the vendor's patch.
IPS Category
Web threats
IPS Anomaly Group
N/A
IPS Rule Default Action
Deny
References
Keywords
N/A
Date Created
2024/08/08
Last Updated
2024/12/04