CVE-2023-29357

Warnung

EPSS 94.36%
Veröffentlicht 14.06.2023 00:15:09
Zuletzt bearbeitet 10.03.2025 20:44:31
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Sharepoint Server Version2019

10.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft SharePoint Server Privilege Escalation Vulnerability

Schwachstelle

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.36%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-303 Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-29357

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29357

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29357

EUVD