Vulnerabilites related to Microsoft - Microsoft SharePoint Server Subscription Edition
cve-2023-33132
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-02-28 20:02
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10399.20005 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.257Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33132", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:24:57.248193Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T20:02:36.049Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10399.20005", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20548", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10399.20005", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20548", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:44:14.785Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33132", datePublished: "2023-06-13T23:26:25.242Z", dateReserved: "2023-05-17T21:16:44.895Z", dateUpdated: "2025-02-28T20:02:36.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36764
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:53
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5413.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:08.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36764", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:21.621838Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:53:43.905Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5413.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10402.20016", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16731.20180", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5413.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10402.20016", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16731.20180", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-73", description: "CWE-73: External Control of File Name or Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:36.659Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764", }, ], title: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36764", datePublished: "2023-09-12T16:58:44.461Z", dateReserved: "2023-06-27T15:11:59.868Z", dateUpdated: "2025-02-27T20:53:43.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38018
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5465.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38018", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:05:51.315793Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:08:11.283Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5465.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10414.20002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20086", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5465.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10414.20002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20086", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:47.531Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38018", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38018", datePublished: "2024-09-10T16:53:41.426Z", dateReserved: "2024-06-11T18:18:00.679Z", dateUpdated: "2024-12-31T23:02:47.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38023
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38023 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5456.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38023", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:36:11.010472Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T14:59:04.458Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:24.714Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5456.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10412.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20424", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5456.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10412.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20424", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:22.825Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38023", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38023", datePublished: "2024-07-09T17:02:23.908Z", dateReserved: "2024-06-11T18:18:00.681Z", dateUpdated: "2025-03-11T16:39:22.825Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-30044
Vulnerability from cvelistv5
Published
2024-05-14 16:57
Modified
2024-12-31 19:04
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5448.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-30044", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T19:05:25.724174Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:39:42.328Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:25:02.484Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5448.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10409.20047", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20292", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5448.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10409.20047", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20292", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-05-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T19:04:17.021Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30044", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-30044", datePublished: "2024-05-14T16:57:15.397Z", dateReserved: "2024-03-22T23:12:13.408Z", dateUpdated: "2024-12-31T19:04:17.021Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41036
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-01-02 21:27
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41036 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5365.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.146Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41036", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5365.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10391.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20158", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5365.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10391.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20158", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:15.528Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41036", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41036", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:27:15.528Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26251
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10409.20027 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26251", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:53:01.492232Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T15:26:20.278Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:07:18.981Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10409.20027", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20246", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5443.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10409.20027", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20246", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5443.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:58.062Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-26251", datePublished: "2024-04-09T17:01:07.168Z", dateReserved: "2024-02-15T00:57:49.362Z", dateUpdated: "2025-01-23T01:11:58.062Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36892
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-01-01 01:59
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10401.20025 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36892", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-27T20:32:01.002433Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-30T14:46:27.106Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.805Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10401.20025", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20684", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10401.20025", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20684", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:09.027Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36892", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36892", datePublished: "2023-08-08T17:08:50.214Z", dateReserved: "2023-06-27T20:28:32.381Z", dateUpdated: "2025-01-01T01:59:09.027Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33159
Vulnerability from cvelistv5
Published
2023-07-11 17:03
Modified
2025-02-28 21:07
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33159 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5404.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.413Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33159", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33159", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:18.845818Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:07:24.338Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5404.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10400.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20642", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5404.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10400.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20642", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-07-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:52:45.410Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33159", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33159", datePublished: "2023-07-11T17:03:09.698Z", dateReserved: "2023-05-17T21:16:44.899Z", dateUpdated: "2025-02-28T21:07:24.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33165
Vulnerability from cvelistv5
Published
2023-07-11 17:02
Modified
2025-02-28 20:01
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33165 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10400.20008 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.141Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33165", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33165", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:24:46.869238Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T20:01:59.890Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10400.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20642", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10400.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20642", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-07-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:51:54.578Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33165", }, ], title: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33165", datePublished: "2023-07-11T17:02:20.427Z", dateReserved: "2023-05-17T21:16:44.902Z", dateUpdated: "2025-02-28T20:01:59.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41103
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft Word Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.392Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Word Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10392.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5369.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20238", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10392.20000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20238", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5369.1000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10392.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5369.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20238", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10392.20000", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20238", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5369.1000", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Word Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:47.521Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103", }, ], title: "Microsoft Word Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41103", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:47.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41062
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5369.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.144Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5369.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10392.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20238", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5369.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10392.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20238", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:49.880Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41062", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:49.880Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21837
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21837 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5266.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21837", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5266.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10382.20004", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20714", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5266.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10382.20004", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20714", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:49.319Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21837", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21837", datePublished: "2022-01-11T20:22:17", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:49.319Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44693
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-01-02 21:36
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 5373.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:54:04.009Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "5373.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5511.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "10393.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "15601.20316", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5511.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "5373.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "5511.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "10393.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "15601.20316", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "5511.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-12-13T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:36:45.215Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-44693", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2025-01-02T21:36:45.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21987
Vulnerability from cvelistv5
Published
2022-02-09 16:36
Modified
2025-01-02 18:28
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21987 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5278.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.737Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21987", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5278.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10383.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20742", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5278.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10383.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20742", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-02-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:28:04.882Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21987", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21987", datePublished: "2022-02-09T16:36:34", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:28:04.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-30100
Vulnerability from cvelistv5
Published
2024-06-11 17:00
Modified
2024-12-31 19:37
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5452.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-30100", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T03:55:53.559021Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-14T16:31:44.018Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:25:02.974Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5452.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10411.20004", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20362", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5452.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10411.20004", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20362", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-06-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T19:37:57.187Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30100", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-30100", datePublished: "2024-06-11T17:00:02.610Z", dateReserved: "2024-03-22T23:12:15.573Z", dateUpdated: "2024-12-31T19:37:57.187Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38094
Vulnerability from cvelistv5
Published
2024-07-09 17:03
Modified
2025-03-11 16:40
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5456.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38094", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-22T15:04:15.775049Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-10-22", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-10-22T16:20:23.394Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, timeline: [ { lang: "en", time: "2024-10-22T00:00:00+00:00", value: "CVE-2024-38094 added to CISA KEV", }, ], title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:25.155Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5456.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10412.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20424", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5456.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10412.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20424", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:40:24.495Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38094", datePublished: "2024-07-09T17:03:24.222Z", dateReserved: "2024-06-11T22:36:08.183Z", dateUpdated: "2025-03-11T16:40:24.495Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49062
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-03-11 16:44
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5478.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49062", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T19:28:10.725161Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T19:30:49.343Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20026", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20290", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5478.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20026", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20290", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-12-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-23", description: "CWE-23: Relative Path Traversal", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:44:29.034Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49062", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49062", datePublished: "2024-12-10T17:49:35.126Z", dateReserved: "2024-10-11T20:57:49.189Z", dateUpdated: "2025-03-11T16:44:29.034Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41061
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-02-28 20:53
Severity ?
EPSS score ?
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | SharePoint Server Subscription Edition Language Pack |
Version: 16.0.0 < 16.0.15601.20238 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:48.701Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41061", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:56.768740Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:53:06.164Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20238", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20238", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10392.20000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5369.1000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10392.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5369.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.67.22111300", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "16.67.22111300", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "ARM64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20238", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20238", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10392.20000", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5369.1000", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10392.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5369.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.67.22111300", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.67.22111300", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:48.255Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41061", datePublished: "2022-11-09T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-02-28T20:53:06.164Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21840
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft Office Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5266.1000 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.406Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5266.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10382.20004", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "16.57.22011101", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10382.20004", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.57.22011101", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20714", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20714", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5266.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5266.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Excel 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { platforms: [ "ARM64-based Systems", "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5266.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10382.20004", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.57.22011101", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10382.20004", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.57.22011101", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20714", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20714", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5266.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*", versionEndExcluding: "16.0.5266.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:*:sp1:*:*:rt:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:sp1:*:*:rt:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Office Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:52.048Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840", }, ], title: "Microsoft Office Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21840", datePublished: "2022-01-11T20:22:19", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:52.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24955
Vulnerability from cvelistv5
Published
2023-05-09 17:03
Modified
2025-02-11 18:11
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5395.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-24955", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T16:46:27.874783Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-03-26", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-24955", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:21:28.519Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.707Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5395.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10398.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20420", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5395.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10398.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20420", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-05-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94: Improper Control of Generation of Code ('Code Injection')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T18:11:19.498Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-24955", datePublished: "2023-05-09T17:03:01.864Z", dateReserved: "2023-01-31T20:37:47.263Z", dateUpdated: "2025-02-11T18:11:19.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42294
Vulnerability from cvelistv5
Published
2021-12-15 14:14
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5254.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:37.737Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5254.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10381.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:15.389Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42294", datePublished: "2021-12-15T14:14:54", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:37.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35823
Vulnerability from cvelistv5
Published
2022-09-13 00:00
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.096Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:13.222Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35823", datePublished: "2022-09-13T00:00:00", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-03-11T16:10:13.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21716
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-02-28 21:13
Severity ?
EPSS score ?
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Office LTSC for Mac 2021 |
Version: 16.0.1 < 16.70.23021201 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21716", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:05.782542Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:13:53.143Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.70.23021201", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20478", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20478", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10395.20001", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "16.70.23021201", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5383.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10395.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5383.1000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.70.23021201", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20478", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20478", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10395.20001", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.70.23021201", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5383.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10395.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5383.1000", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:18.719Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21716", datePublished: "2023-02-14T19:33:45.678Z", dateReserved: "2022-12-13T18:08:03.491Z", dateUpdated: "2025-02-28T21:13:53.143Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-37961
Vulnerability from cvelistv5
Published
2022-09-13 18:42
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:37:42.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:15.473Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-37961", datePublished: "2022-09-13T18:42:09", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-03-11T16:10:15.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36894
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-28 19:35
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36894 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5408.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36894", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36894", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:24:19.690713Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T19:35:28.337Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5408.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10401.20025", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20684", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5408.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10401.20025", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20684", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:10.365Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36894", }, ], title: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36894", datePublished: "2023-08-08T17:08:51.340Z", dateReserved: "2023-06-27T20:28:32.381Z", dateUpdated: "2025-02-28T19:35:28.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22005
Vulnerability from cvelistv5
Published
2022-02-09 16:36
Modified
2025-01-02 18:28
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5278.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:55.147Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5278.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10383.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20742", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5278.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10383.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20742", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-02-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:28:24.655Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-22005", datePublished: "2022-02-09T16:36:59", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:28:24.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30171
Vulnerability from cvelistv5
Published
2022-06-15 21:52
Modified
2025-01-02 19:03
Severity ?
EPSS score ?
Summary
Microsoft Office Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30171 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5332.1001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30171", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5332.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10387.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20612", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5332.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10387.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.14931.20612", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Office Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:06.479Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30171", }, ], title: "Microsoft Office Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30171", datePublished: "2022-06-15T21:52:08", dateReserved: "2022-05-03T00:00:00", dateUpdated: "2025-01-02T19:03:06.479Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30172
Vulnerability from cvelistv5
Published
2022-06-15 21:52
Modified
2025-01-02 19:03
Severity ?
EPSS score ?
Summary
Microsoft Office Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30172 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5332.1001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.889Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30172", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-30172", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-02T20:56:53.939249Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T15:19:15.506Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5332.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10387.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20612", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5332.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10387.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.14931.20612", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Office Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:07.082Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30172", }, ], title: "Microsoft Office Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30172", datePublished: "2022-06-15T21:52:10", dateReserved: "2022-05-03T00:00:00", dateUpdated: "2025-01-02T19:03:07.082Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43464
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43464 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5465.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43464", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:52:46.331863Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:52:54.105Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5465.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10414.20002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20086", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5465.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10414.20002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20086", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:57.081Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43464", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43464", datePublished: "2024-09-10T16:53:50.250Z", dateReserved: "2024-08-14T01:08:33.516Z", dateUpdated: "2024-12-31T23:02:57.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33130
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-02-28 21:09
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10399.20005 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.998Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33130", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:16.331275Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:09:33.378Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10399.20005", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20548", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10399.20005", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20548", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:44:13.788Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33130", datePublished: "2023-06-13T23:26:24.055Z", dateReserved: "2023-05-17T21:16:44.895Z", dateUpdated: "2025-02-28T21:09:33.378Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21968
Vulnerability from cvelistv5
Published
2022-02-09 16:36
Modified
2025-01-02 18:28
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5278.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5278.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10383.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20742", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5278.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10383.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20742", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-02-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:28:12.255Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968", }, ], title: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21968", datePublished: "2022-02-09T16:36:24", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:28:12.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41038
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-01-02 21:27
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5365.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:48.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41038", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5365.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10391.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20158", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5365.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10391.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20158", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:45.546Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41038", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:27:45.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21400
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2025-03-12 01:42
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21400 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5487.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21400", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T18:53:05.282112Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-11T18:54:13.830Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5487.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20050", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20396", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5487.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20050", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20396", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-02-11T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285: Improper Authorization", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-12T01:42:39.482Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21400", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21400", datePublished: "2025-02-11T17:58:39.557Z", dateReserved: "2024-12-11T00:29:48.375Z", dateUpdated: "2025-03-12T01:42:39.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41122
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-41122", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-05T13:12:44.885168Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T13:14:47.928Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:26.623Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41122", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:26.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49064
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-03-11 16:44
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5478.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49064", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-12T19:28:23.318188Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-12T19:31:41.629Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20026", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20290", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5478.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20026", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20290", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-12-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611: Improper Restriction of XML External Entity Reference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:44:03.503Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49064", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49064", datePublished: "2024-12-10T17:49:05.968Z", dateReserved: "2024-10-11T20:57:49.194Z", dateUpdated: "2025-03-11T16:44:03.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-30043
Vulnerability from cvelistv5
Published
2024-05-14 16:57
Modified
2024-12-31 19:04
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5448.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-30043", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T20:01:36.445426Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:39:08.246Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:25:02.558Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5448.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10409.20047", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20292", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5448.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10409.20047", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20292", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-05-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611: Improper Restriction of XML External Entity Reference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T19:04:31.670Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30043", }, ], title: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-30043", datePublished: "2024-05-14T16:57:29.149Z", dateReserved: "2024-03-22T23:12:13.408Z", dateUpdated: "2024-12-31T19:04:31.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21717
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-01-01 00:41
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5383.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:49.363Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5383.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10395.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20478", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5383.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10395.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20478", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:19.240Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717", }, ], title: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21717", datePublished: "2023-02-14T19:33:46.638Z", dateReserved: "2022-12-13T18:08:03.491Z", dateUpdated: "2025-01-01T00:41:19.240Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42309
Vulnerability from cvelistv5
Published
2021-12-15 14:14
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-074/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5254.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.283Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-074/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5254.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10381.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:42.010Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-074/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42309", datePublished: "2021-12-15T14:14:56", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:38.283Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24950
Vulnerability from cvelistv5
Published
2023-05-09 17:03
Modified
2025-02-28 20:02
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5395.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.781Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-24950", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:02.134799Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T20:02:56.407Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5395.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10398.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20420", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5395.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10398.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20420", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-05-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T18:11:17.820Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24950", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-24950", datePublished: "2023-05-09T17:03:00.251Z", dateReserved: "2023-01-31T20:37:47.261Z", dateUpdated: "2025-02-28T20:02:56.407Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33134
Vulnerability from cvelistv5
Published
2023-07-11 17:03
Modified
2025-02-28 21:07
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33134 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5404.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33134", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33134", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:27.395814Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:07:37.141Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5404.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10400.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20642", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5404.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10400.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20642", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-07-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:53:07.270Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33134", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33134", datePublished: "2023-07-11T17:03:06.333Z", dateReserved: "2023-05-17T21:16:44.896Z", dateUpdated: "2025-02-28T21:07:37.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-38053
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-01-02 21:27
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38053 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5365.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:45:52.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38053", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5365.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10391.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20158", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5365.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10391.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20158", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:43.749Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38053", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-38053", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-01-02T21:27:43.749Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44690
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-01-02 21:36
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 5373.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:54:04.053Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "5373.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5511.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "10393.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "15601.20316", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5511.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "5373.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "5511.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "10393.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "15601.20316", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "5511.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-12-13T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:36:43.458Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-44690", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2025-01-02T21:36:43.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21744
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21744 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5378.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21744", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21744", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:32.094793Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:33.586Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5378.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5519.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10394.20021", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5519.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5378.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5519.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10394.20021", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5519.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:35:57.652Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21744", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21744", datePublished: "2023-01-10T00:00:00.000Z", dateReserved: "2022-12-13T00:00:00.000Z", dateUpdated: "2025-02-28T21:14:33.586Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28288
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-02-28 21:12
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5391.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:23.849Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/173126/Microsoft-SharePoint-Enterprise-Server-2016-Spoofing.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28288", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:22:34.137105Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:12:06.832Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5391.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5545.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10397.20002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20314", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5545.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5391.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5545.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10397.20002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20314", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5545.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:04:43.398Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28288", datePublished: "2023-04-11T19:13:18.266Z", dateReserved: "2023-03-13T22:23:36.186Z", dateUpdated: "2025-02-28T21:12:06.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21742
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21742 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5378.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.867Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21742", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21742", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:34.987558Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:44.865Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5378.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5519.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10394.20021", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5519.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5378.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5519.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10394.20021", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5519.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:35:56.619Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21742", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21742", datePublished: "2023-01-10T00:00:00.000Z", dateReserved: "2022-12-13T00:00:00.000Z", dateUpdated: "2025-02-28T21:14:44.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42320
Vulnerability from cvelistv5
Published
2021-12-15 14:15
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42320 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5254.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42320", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5254.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10381.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:42.560Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42320", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42320", datePublished: "2021-12-15T14:15:02", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:38.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23395
Vulnerability from cvelistv5
Published
2023-03-14 16:55
Modified
2025-02-28 20:05
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5387.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-23395", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:40.790597Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T20:05:17.961Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5387.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5537.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10396.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20166", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5537.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5387.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5537.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10396.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20166", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5537.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-03-14T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:48:06.509Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-23395", datePublished: "2023-03-14T16:55:27.140Z", dateReserved: "2023-01-11T22:08:03.136Z", dateUpdated: "2025-02-28T20:05:17.961Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30159
Vulnerability from cvelistv5
Published
2022-06-15 21:51
Modified
2025-01-02 19:03
Severity ?
EPSS score ?
Summary
Microsoft Office Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30159 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5332.1001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30159", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5332.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10387.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20612", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5332.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10387.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.14931.20612", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Office Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:02.371Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Office Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30159", }, ], title: "Microsoft Office Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30159", datePublished: "2022-06-15T21:51:52", dateReserved: "2022-05-03T00:00:00", dateUpdated: "2025-01-02T19:03:02.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32987
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5456.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-32987", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T20:12:44.079839Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T20:12:53.066Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:27:53.509Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5456.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10412.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20424", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5456.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10412.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20424", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:39.683Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-32987", }, ], title: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-32987", datePublished: "2024-07-09T17:02:40.032Z", dateReserved: "2024-04-22T18:16:31.979Z", dateUpdated: "2025-03-11T16:39:39.683Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43503
Vulnerability from cvelistv5
Published
2024-10-08 17:35
Modified
2025-01-29 23:49
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43503 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5469.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43503", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T18:43:02.917159Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T18:43:18.560Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5469.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10415.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20162", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5469.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10415.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20162", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-10-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-29T23:49:59.855Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43503", }, ], title: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43503", datePublished: "2024-10-08T17:35:17.969Z", dateReserved: "2024-08-14T01:08:33.522Z", dateUpdated: "2025-01-29T23:49:59.855Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-38008
Vulnerability from cvelistv5
Published
2022-09-13 18:42
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:37:42.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:13.977Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-38008", datePublished: "2022-09-13T18:42:17", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-03-11T16:10:13.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36891
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:06
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10401.20025 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36891", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:39.983669Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:06:50.661Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10401.20025", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20684", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10401.20025", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20684", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:08.483Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36891", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36891", datePublished: "2023-08-08T17:08:49.648Z", dateReserved: "2023-06-27T20:28:32.380Z", dateUpdated: "2025-02-27T21:06:50.661Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36890
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:06
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10401.20025 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.642Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36890", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:41.675807Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:06:58.141Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10401.20025", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20684", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10401.20025", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20684", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:08.031Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36890", }, ], title: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36890", datePublished: "2023-08-08T17:08:49.061Z", dateReserved: "2023-06-27T20:28:32.380Z", dateUpdated: "2025-02-27T21:06:58.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43242
Vulnerability from cvelistv5
Published
2021-12-15 14:15
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5254.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:55:27.377Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5254.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10381.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:44.193Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-43242", datePublished: "2021-12-15T14:15:23", dateReserved: "2021-11-02T00:00:00", dateUpdated: "2024-08-04T03:55:27.377Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43466
Vulnerability from cvelistv5
Published
2024-09-10 16:54
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43466 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5465.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43466", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:43:36.439758Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:43:49.157Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5465.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10414.20002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20086", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5465.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10414.20002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20086", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:20.314Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43466", }, ], title: "Microsoft SharePoint Server Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43466", datePublished: "2024-09-10T16:54:15.173Z", dateReserved: "2024-08-14T01:08:33.516Z", dateUpdated: "2024-12-31T23:03:20.314Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21344
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21344 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5483.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21344", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:40.241Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20041", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20356", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20041", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20356", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:38.936Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21344", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21344", datePublished: "2025-01-14T18:04:03.547Z", dateReserved: "2024-12-11T00:29:48.353Z", dateUpdated: "2025-04-02T13:23:38.936Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21426
Vulnerability from cvelistv5
Published
2024-03-12 16:57
Modified
2024-12-31 20:19
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5439.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21426", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T19:01:48.887318Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-12T18:26:58.479Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.762Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5439.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10408.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20136", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5439.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10408.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20136", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-03-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T20:19:08.892Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21426", datePublished: "2024-03-12T16:57:44.350Z", dateReserved: "2023-12-08T22:45:21.302Z", dateUpdated: "2024-12-31T20:19:08.892Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33157
Vulnerability from cvelistv5
Published
2023-07-11 17:03
Modified
2025-02-28 20:46
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33157 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5404.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:34.982Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33157", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33157", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:24.530754Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:46:18.784Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5404.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10400.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20642", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5404.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10400.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20642", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-07-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:52:44.156Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33157", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33157", datePublished: "2023-07-11T17:03:08.566Z", dateReserved: "2023-05-17T21:16:44.899Z", dateUpdated: "2025-02-28T20:46:18.784Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33142
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-02-28 20:02
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < 16.0.10399.20005 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33142", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:24:54.518976Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T20:02:28.408Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10399.20005", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20548", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10399.20005", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20548", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285: Improper Authorization", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:44:17.319Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142", }, ], title: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33142", datePublished: "2023-06-13T23:26:28.027Z", dateReserved: "2023-05-17T21:16:44.897Z", dateUpdated: "2025-02-28T20:02:28.408Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33160
Vulnerability from cvelistv5
Published
2023-07-11 17:03
Modified
2025-02-28 21:07
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33160 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5404.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.594Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33160", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33160", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:16.019709Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:07:18.115Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5404.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10400.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20642", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5404.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10400.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20642", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-07-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:52:45.867Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33160", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33160", datePublished: "2023-07-11T17:03:10.265Z", dateReserved: "2023-05-17T21:16:44.899Z", dateUpdated: "2025-02-28T21:07:18.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30158
Vulnerability from cvelistv5
Published
2022-06-15 21:51
Modified
2025-01-02 19:03
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5332.1001 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.962Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30158", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-30158", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-02T20:55:43.257662Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T15:19:47.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5332.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10387.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5332.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10387.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:01.749Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30158", datePublished: "2022-06-15T21:51:51", dateReserved: "2022-05-03T00:00:00", dateUpdated: "2025-01-02T19:03:01.749Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21348
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21348 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5483.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21348", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T04:55:41.669Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20041", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20356", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20041", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20356", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285: Improper Authorization", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:41.040Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21348", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21348", datePublished: "2025-01-14T18:04:05.268Z", dateReserved: "2024-12-11T00:29:48.353Z", dateUpdated: "2025-04-02T13:23:41.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-24954
Vulnerability from cvelistv5
Published
2023-05-09 17:03
Modified
2025-02-28 20:02
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5395.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.452Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-24954", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:00.889006Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T20:02:48.648Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5395.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10398.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20420", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5395.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10398.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20420", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-05-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T18:11:18.929Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954", }, ], title: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-24954", datePublished: "2023-05-09T17:03:01.327Z", dateReserved: "2023-01-31T20:37:47.263Z", dateUpdated: "2025-02-28T20:02:48.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-38009
Vulnerability from cvelistv5
Published
2022-09-13 18:42
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:37:42.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:14.652Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-38009", datePublished: "2022-09-13T18:42:18", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-03-11T16:10:14.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49068
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-03-11 16:44
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5478.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49068", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T04:55:58.562Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20026", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20290", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5478.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20026", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20290", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-12-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:44:04.095Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49068", }, ], title: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49068", datePublished: "2024-12-10T17:49:06.470Z", dateReserved: "2024-10-11T20:57:49.195Z", dateUpdated: "2025-03-11T16:44:04.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49070
Vulnerability from cvelistv5
Published
2024-12-10 17:49
Modified
2025-03-11 16:44
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5478.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49070", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-07T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T04:55:59.746Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5478.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20026", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20290", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5478.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20026", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20290", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-12-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:44:05.910Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49070", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49070", datePublished: "2024-12-10T17:49:07.578Z", dateReserved: "2024-10-11T20:57:49.195Z", dateUpdated: "2025-03-11T16:44:05.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29108
Vulnerability from cvelistv5
Published
2022-05-10 20:34
Modified
2025-01-02 18:58
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5317.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:59.392Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29108", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5317.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10386.20011", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20286", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5449.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5317.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10386.20011", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20286", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5449.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-05-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:58:05.719Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-29108", datePublished: "2022-05-10T20:34:11", dateReserved: "2022-04-12T00:00:00", dateUpdated: "2025-01-02T18:58:05.719Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30157
Vulnerability from cvelistv5
Published
2022-06-15 21:51
Modified
2025-01-02 19:03
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30157 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5332.1001 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.730Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30157", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5332.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10387.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5332.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10387.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:01.074Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30157", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30157", datePublished: "2022-06-15T21:51:49", dateReserved: "2022-05-03T00:00:00", dateUpdated: "2025-01-02T19:03:01.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-21393
Vulnerability from cvelistv5
Published
2025-01-14 18:04
Modified
2025-04-02 13:23
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21393 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5483.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-21393", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-15T21:21:11.240557Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-15T21:54:30.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5483.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10416.20041", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20356", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2016:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5483.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10416.20041", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20356", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2025-01-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T13:23:48.887Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21393", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2025-21393", datePublished: "2025-01-14T18:04:12.222Z", dateReserved: "2024-12-11T00:29:48.374Z", dateUpdated: "2025-04-02T13:23:48.887Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-33129
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2025-02-28 20:02
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5400.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:39:35.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-33129", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:24:58.442341Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T20:02:42.174Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5400.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10399.20005", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20548", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5400.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10399.20005", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20548", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:44:13.263Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129", }, ], title: "Microsoft SharePoint Server Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-33129", datePublished: "2023-06-13T23:26:23.503Z", dateReserved: "2023-05-17T21:16:44.895Z", dateUpdated: "2025-02-28T20:02:42.174Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38227
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38227 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5465.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38227", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:51:54.627659Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:54:38.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5465.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10414.20002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20086", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5465.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10414.20002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20086", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:04.859Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38227", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38227", datePublished: "2024-09-10T16:53:57.766Z", dateReserved: "2024-06-11T22:36:08.226Z", dateUpdated: "2024-12-31T23:03:04.859Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21318
Vulnerability from cvelistv5
Published
2024-01-09 17:57
Modified
2024-12-31 18:39
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21318 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5430.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21318", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-19T16:17:03.849611Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-12T19:11:59.745Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:39.890Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21318", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5430.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10406.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.10406.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5430.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10406.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.10406.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-01-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T18:39:50.236Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21318", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21318", datePublished: "2024-01-09T17:57:11.719Z", dateReserved: "2023-12-08T22:45:19.366Z", dateUpdated: "2024-12-31T18:39:50.236Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41037
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-01-02 21:27
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41037 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5365.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.216Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41037", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5365.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10391.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20158", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5365.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10391.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20158", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:16.131Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41037", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41037", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:27:16.131Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24472
Vulnerability from cvelistv5
Published
2022-04-15 19:02
Modified
2025-01-02 18:51
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5305.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-24472", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T16:33:28.685691Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-01T16:33:40.461Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T04:13:55.687Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5305.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10385.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20196", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5305.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5441.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5305.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10385.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20196", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5305.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5441.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-04-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:51:46.205Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24472", datePublished: "2022-04-15T19:02:57", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T18:51:46.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21743
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21743 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5378.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21743", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21743", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:32.146742Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:39.154Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5378.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10394.20021", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5378.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10394.20021", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306: Missing Authentication for Critical Function", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:35:57.202Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21743", }, ], title: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21743", datePublished: "2023-01-10T00:00:00.000Z", dateReserved: "2022-12-13T00:00:00.000Z", dateUpdated: "2025-02-28T21:14:39.154Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38024
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38024 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5456.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38024", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:33:54.560595Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:34:07.213Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:24.732Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5456.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10412.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17328.20424", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5456.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10412.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17328.20424", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:23.296Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38024", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38024", datePublished: "2024-07-09T17:02:24.448Z", dateReserved: "2024-06-11T18:18:00.681Z", dateUpdated: "2025-03-11T16:39:23.296Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38228
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38228 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5465.1001 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38228", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:51:06.381761Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:54:50.766Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5465.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10414.20002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.17928.20086", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5465.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10414.20002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.17928.20086", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:05.351Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38228", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38228", datePublished: "2024-09-10T16:53:58.405Z", dateReserved: "2024-06-11T22:36:08.227Z", dateUpdated: "2024-12-31T23:03:05.351Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38177
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-01-01 02:15
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38177 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5422.1000 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.186Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38177", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5422.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10404.20003", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16731.20350", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5422.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10404.20003", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16731.20350", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:15:46.564Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38177", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38177", datePublished: "2023-11-14T17:57:16.219Z", dateReserved: "2023-07-12T23:41:45.865Z", dateUpdated: "2025-01-01T02:15:46.564Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }