Описание
Microsoft SharePoint Server Security Feature Bypass Vulnerability
FAQ
Are any additional steps required to protect my SharePoint farm after installing the January 10, 2023 security update for SharePoint Server?
Yes. Customers must also trigger a SharePoint upgrade action included in this update to protect their SharePoint farm. The upgrade action can be triggered by running the SharePoint Products Configuration Wizard, the Upgrade-SPFarm PowerShell cmdlet, or the "psconfig.exe -cmd upgrade -inplace b2b" command on each SharePoint server after installing the update.
How could an attacker exploit this vulnerability?
In a network-based attack, an unauthenticated attacker could bypass authentication and make an anonymous connection.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An unauthenticated attacker is able to bypass the expected user access.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Security Feature Bypass Vulnerability
Microsoft SharePoint Server Security Feature Bypass Vulnerability.
Уязвимость пакетов программ Microsoft SharePoint Server и SharePoint Enterprise Server, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
5.3 Medium
CVSS3