Jun 2023: Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2023-29357 Published on June 14, 2023
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Known Exploited Vulnerability
This Microsoft SharePoint Server Privilege Escalation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
The following remediation steps are recommended / required by January 31, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weakness Type
Incorrect Implementation of Authentication Algorithm
The requirements for the software dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. This incorrect implementation may allow authentication to be bypassed.
Products Associated with CVE-2023-29357
Want to know whenever a new CVE is published for Microsoft Sharepoint Server? stack.watch will email you.
Affected Versions
Microsoft SharePoint Server 2019:- Version 16.0.0 and below 16.0.10399.20005 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.