Описание
Microsoft SharePoint Server Spoofing Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires that a target be lured to and make use of a specially crafted functionality on a SharePoint page created by the attacker.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to use the intended functionality.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.
What is the nature of the spoofing?
An authenticated attacker could manipulate a SharePoint page they control to trick targeted users into sending attacker-controlled requests to the server under the permissions context of the target.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
8 High
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Spoofing Vulnerability.
Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, Microsoft SharePoint Server Subscription Edition, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку
EPSS
8 High
CVSS3