
Rewterz Threat Advisory – Multiple Microsoft SharePoint Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-29357 CVSS:9.8

Microsoft SharePoint Server could allow a remote attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to gain administrative privileges.

CVE-2023-33142 CVSS:6.5

Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2023-33132 CVSS:6.3

Microsoft SharePoint Server could allow a remote authenticated attacker to conduct spoofing attacks.

CVE-2023-33129 CVSS:6.5

Microsoft SharePoint is vulnerable to a denial of service. By sending a specially crafted string, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.

CVE-2023-33130 CVSS:7.3

Microsoft SharePoint Server could allow a remote authenticated attacker to conduct spoofing attacks.

Impact

  • Privilege Escalation
  • Denial of Service
  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2023-29357
  • CVE-2023-33142
  • CVE-2023-33132
  • CVE-2023-33129
  • CVE-2023-33130

Affected Vendors

Microsoft

Affected Products

  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SharePoint Enterprise Server 2016

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or search the Microsoft Security Update Guide for available patches.

CVE-2023-29357

CVE-2023-33142

CVE-2023-33132

CVE-2023-33129

CVE-2023-33130