CVE-2023-29357

Warning

EPSS 94.36%
Published 14.06.2023 00:15:09
Last modified 10.03.2025 20:44:31
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Affected products Warnungen 1 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Sharepoint Server Version2019

10.01.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft SharePoint Server Privilege Escalation Vulnerability

Vulnerability

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.36%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-303 Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-29357

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29357

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29357

EUVD