Tag
#Microsoft Office SharePoint
**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** Exploitation of the vulnerability requires that a target be lured to and make use of a specially crafted functionality on a SharePoint page created by the attacker. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to use the intended functionality.
**What privileges are required to exploit this vulnerability?** The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.
**What privileges are required to exploit this vulnerability?** The attacker needs read access to the target site within SharePoint.
**How could an attacker exploit the vulnerability?** An authenticated attacker with access to the domain could perform remote code execution on the SharePoint server to elevate themselves to SharePoint admin.
**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to modify their Display Name within SharePoint.
**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.
**There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?** Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the rights to use the SharePoint Migration tool and the ability to create a new SharePoint site collection.
**What is the attack vector for this vulnerability?** In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the SharePoint Server.
**What kind of information can be disclosed?** An attacker can gain access to an organization's email, sites, filename, URL of file...