Описание
Microsoft SharePoint Server Denial of Service Vulnerability
FAQ
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.
According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability?
As an authenticated user, the attacker could send a specially crafted string of data over the network, causing the application to crash.
I am running SharePoint Server 2019 and there are multiple updates available. Do I need to install all the updates listed in the Security Updates table for these versions?
Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Denial of Service Vulnerability
Microsoft SharePoint Denial of Service Vulnerability
Уязвимость пакетов программ Microsoft SharePoint Server и SharePoint Enterprise Server, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3