CVE-2024-33881

2024-06-2400:00:00

mitre

github.com

virtosoftware

bulk file download

sharepoint 2019

ntlmv2 hash

unc share pathname

6.8 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.7%

JSON

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.

References

docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq

download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf