The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Enterprise Server, and Microsoft SharePoint Foundation lies in insufficient input data validation, allowing an attacker to execute arbitrary code.

🗓️ 16 Dec 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

SharePoint products have a vulnerability from insufficient input validation allowing code execution.

Reporter	Title	Published	Views	Family All 24
ATTACKERKB	CVE-2022-44690	13 Dec 202219:15	–	attackerkb
CNNVD	Microsoft SharePoint 安全漏洞	13 Dec 202200:00	–	cnnvd
CNVD	Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2022-89421)	19 Dec 202200:00	–	cnvd
CVE	CVE-2022-44690	13 Dec 202200:00	–	cve
Cvelist	CVE-2022-44690 Microsoft SharePoint Server Remote Code Execution Vulnerability	13 Dec 202200:00	–	cvelist
Microsoft KB	Description of the security update for SharePoint Server 2019: December 13, 2022 (KB5002311)	13 Dec 202208:00	–	mskb
Microsoft KB	December 13, 2022, cumulative update for SharePoint Enterprise Server 2013 (KB5002317)	13 Dec 202208:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319)	13 Dec 202208:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Enterprise Server 2016: December 13, 2022 (KB5002321)	13 Dec 202208:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Server Subscription Edition: December 13, 2022 (KB5002327)	13 Dec 202208:00	–	mskb

Source	Link
msrc	www.msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-44690
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022121381
web	www.web.nvd.nist.gov/view/vuln/detail

16 Dec 2022 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 38.8

CVSS 29

EPSS0.30222

sharepoint vulnerability input validation arbitrary code execution sharepoint server sharepoint foundation