CVE-2023-24955

Warnung

EPSS 91.79%
Veröffentlicht 09.05.2023 18:15:13
Zuletzt bearbeitet 13.03.2025 16:17:08
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft SharePoint Server Remote Code Execution Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Sharepoint Enterprise Server Version2016

Microsoft ≫ Sharepoint Server Version- SwEditionsubscription

Microsoft ≫ Sharepoint Server Version2019

26.03.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft SharePoint Server Code Injection Vulnerability

Schwachstelle

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	91.79%	0.997

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-24955

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24955

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24955

EUVD