Severity
Medium
Analysis Summary
CVE-2023-24955 CVSS:7.2
Microsoft SharePoint Server could allow a remote authenticated attacker to execute arbitrary code on the system. An attacker could exploit this vulnerability to execute arbitrary code on the SharePoint Server.
CVE-2023-24950 CVSS:6.5
Microsoft SharePoint Server could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2023-24954 CVSS:6.5
Microsoft SharePoint Server could allow a remote authenticated attacker to obtain sensitive information. An attacker could exploit this vulnerability to obtain user tokens and use this information to launch further attacks against the affected system.
Impact
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-24955
- CVE-2023-24950
- CVE-2023-24954
Affected Vendors
Microsoft
Affected Products
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
- Microsoft SharePoint Enterprise Server 2016
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.