CVE-2024-49062: 
vulnerability analysis and mitigation

Microsoft SharePoint has been identified with an Information Disclosure Vulnerability, tracked as CVE-2024-49062. The vulnerability was discovered and reported to Microsoft, with the initial CVE record created on October 11, 2024, and officially published on December 11, 2024. This security issue affects multiple versions of SharePoint Server, including SharePoint Server Subscription Edition, SharePoint Server 2016 Enterprise, and SharePoint Server 2019 (NVD Database).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-23 (Relative Path Traversal) according to Microsoft's assessment (NVD Database).

This vulnerability could potentially lead to information disclosure in affected SharePoint Server installations. The CVSS score indicates that while the vulnerability requires low attack complexity and no user interaction, it does require low privileges to exploit and can result in high confidentiality impact (NVD Database).

Microsoft has released security updates to address this vulnerability. The fixes are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For SharePoint Server Subscription Edition, the security update KB5002658 (build 16.0.17928.20290) has been released. For SharePoint Server 2019, the security update KB5002657 (build 16.0.10416.20026) is available (Microsoft Support).