Описание
Microsoft SharePoint Server Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.
How could an attacker exploit this vulnerability?
In a network-based attack an attacker would need to have the privileges to create a page on a vulnerable SharePoint server. By creating a site using specific code, the attacker could execute code remotely on the target server.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
8.8 High
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30158.
Уязвимость пакетов программ Microsoft SharePoint Server, SharePoint Enterprise Server, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю, выполнить произвольный код
EPSS
8.8 High
CVSS3