An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 09:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq - Product | |
References | () https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf - Product |
15 Sep 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-200 |
03 Jul 2024, 01:59
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-400 |
26 Jun 2024, 14:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:virtosoftware:sharepoint_bulk_file_download:5.5.44:*:*:*:*:*:*:* cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:* |
|
Summary |
|
|
References | () https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq - Product | |
References | () https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf - Product | |
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Virtosoftware
Virtosoftware sharepoint Bulk File Download Microsoft sharepoint Server Microsoft |
24 Jun 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-24 17:15
Updated : 2024-11-21 09:17
NVD link : CVE-2024-33881
Mitre link : CVE-2024-33881
CVE.ORG link : CVE-2024-33881
JSON object : View
Products Affected
virtosoftware
- sharepoint_bulk_file_download
microsoft
- sharepoint_server