Tag

#Microsoft Office SharePoint

CVE-2022-21987: Microsoft SharePoint Server Spoofing Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** Exploitation of the vulnerability requires that a target be lured to and make use of a specially crafted functionality on a SharePoint page created by the attacker. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to use the intended functionality.

Microsoft Security Response Center

CVE-2022-22005: Microsoft SharePoint Server Remote Code Execution Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.

CVE-2022-21968: Microsoft SharePoint Server Security Feature Bypass Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker needs read access to the target site within SharePoint.

CVE-2022-21837: Microsoft SharePoint Server Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** An authenticated attacker with access to the domain could perform remote code execution on the SharePoint server to elevate themselves to SharePoint admin.

CVE-2021-42320: Microsoft SharePoint Server Spoofing Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to modify their Display Name within SharePoint.

CVE-2021-42309: Microsoft SharePoint Server Remote Code Execution Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

CVE-2021-42294: Microsoft SharePoint Server Remote Code Execution Vulnerability

**There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?** Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

CVE-2021-43876: Microsoft SharePoint Elevation of Privilege Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the rights to use the SharePoint Migration tool and the ability to create a new SharePoint site collection.

CVE-2021-40487: Microsoft SharePoint Server Remote Code Execution Vulnerability

**What is the attack vector for this vulnerability?** In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the SharePoint Server.

CVE-2021-40482: Microsoft SharePoint Server Information Disclosure Vulnerability

**What kind of information can be disclosed?** An attacker can gain access to an organization's email, sites, filename, url of file...