Описание
Microsoft SharePoint Server Elevation of Privilege Vulnerability
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited the vulnerability would be able to create a list or document library in the targeted SharePoint site.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to a major loss of integrity (I:H) but no loss of confidentiality (C:N), or have any effect on availability (A:N). How could an attacker affect the SharePoint site?
An attacker who successfully exploited this vulnerability could create a list or document library in the targeted SharePoint site thus affecting the integrity. However, an attacker could not edit or delete a list or document library from the SharePoint site.
I am running SharePoint Server 2019 and there are multiple updates available. Do I need to install all the updates listed in the Security Updates table for these versions?
Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS
6.5 Medium
CVSS3