CVE-2024-49068: 
vulnerability analysis and mitigation

Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2024-49068) was disclosed on December 11, 2024. This vulnerability affects multiple versions of SharePoint, including SharePoint Server Subscription Edition, SharePoint Server 2016 Enterprise, and SharePoint Server 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.2 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high confidentiality impact and low integrity impact with no availability impact. The vulnerability is classified under CWE-284 (Improper Access Control) (NVD).

The vulnerability could allow an attacker to gain elevated privileges within SharePoint environments. The CVSS scoring indicates potential for high confidentiality impact and low integrity impact to affected systems (Microsoft Security).

Microsoft has released security updates to address this vulnerability. The fixes are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For SharePoint Server Subscription Edition, the security update package build 16.0.17928.20290 (KB5002658) has been released. For SharePoint Server 2019, the security update package build 16.0.10416.20026 (KB5002657) is available (Microsoft Support).