CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2023-29357

CVSS 9.8v3.1pub. 2023-06-14upd. 2025-10-28

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft SharePoint Server

    APP
    Microsoft
    2019

CISA KEV — detailsi

Vendori
Microsoft
Producti
SharePoint Server
Added to KEVi
January 10, 2024
Remediation deadline (US Federal)i
January 31, 2024(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 31 stycznia 2024
CWE
References

Related vulnerabilities

CVE-2026-20963CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server

CVE-2025-53770CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserialization w Microsoft SharePoint Server (on-premises)

CVE-2019-0604CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the sour...

CVE-2024-33879CRITICAL9.8PL ✓ten sam produkt

Path traversal w Virto Bulk File Download dla SharePoint — pobieranie i usuwanie plików

CVE-2023-21716CRITICAL9.8ten sam produkt

Microsoft Word Remote Code Execution Vulnerability