Headline
CVE-2022-21987: Microsoft SharePoint Server Spoofing Vulnerability
According to the CVSS, User Interaction is Required. What interaction would the user have to do?
Exploitation of the vulnerability requires that a target be lured to and make use of a specially crafted functionality on a SharePoint page created by the attacker.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to use the intended functionality.