Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft SharePoint Server
APPMicrosoft2019
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- SharePoint Server
- Added to KEVi
- January 10, 2024
- Remediation deadline (US Federal)i
- January 31, 2024(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
Related vulnerabilities
RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server
RCE przez deserialization w Microsoft SharePoint Server (on-premises)
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the sour...
Path traversal w Virto Bulk File Download dla SharePoint — pobieranie i usuwanie plików
Microsoft Word Remote Code Execution Vulnerability