Описание
Microsoft SharePoint Server Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
How could an attacker exploit the vulnerability?
In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8 High
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Уязвимость пакета программ Microsoft SharePoint, связанная с неправильной авторизацией, позволяющая нарушителю выполнить произвольный код
EPSS
8 High
CVSS3