CVE-2023-28288

🗓️ 11 Apr 2023 19:13:18Reported by microsoftType

cve🔗 web.nvd.nist.gov👁 178 Views🌐 WEB

Microsoft SharePoint Server Spoofing Vulnerabilit

Reporter	Title	Published	Views	Family All 27
0day.today	Microsoft SharePoint Enterprise Server 2016 - Spoofing Exploit	26 Jun 202300:00	–	zdt
CNNVD	Microsoft SharePoint 安全漏洞	11 Apr 202300:00	–	cnnvd
CNVD	Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-72199)	13 Apr 202300:00	–	cnvd
Cvelist	CVE-2023-28288 Microsoft SharePoint Server Spoofing Vulnerability	11 Apr 202319:13	–	cvelist
Exploit DB	Microsoft SharePoint Enterprise Server 2016 - Spoofing	26 Jun 202300:00	–	exploitdb
EUVD	EUVD-2023-31995	3 Oct 202520:07	–	euvd
Microsoft KB	Description of the security update for SharePoint Server 2019: April 11, 2023 (KB5002373)	11 Apr 202307:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Server Subscription Edition: April 11, 2023 (KB5002375)	11 Apr 202307:00	–	mskb
Microsoft KB	April 11, 2023, cumulative update for SharePoint Enterprise Server 2013 (KB5002381)	11 Apr 202307:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383)	11 Apr 202307:00	–	mskb

NVD

Vulners

CNA

Node

microsoft sharepoint_foundationMatch2013sp1

microsoft sharepoint_serverMatch-subscription

microsoft sharepoint_serverMatch2013sp1enterprise

microsoft sharepoint_serverMatch2016enterprise

microsoft sharepoint_serverMatch2019

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Enterprise Server 2016",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.5391.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.5545.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Server 2019",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.10397.20002",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Server Subscription Edition",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "16.0.16130.20314",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "15.0.5545.1000",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288
packetstormsecurity	www.packetstormsecurity.com/files/173126/Microsoft-SharePoint-Enterprise-Server-2016-Spoofing.html

Parameter	Position	Path	Description	CWE
file_name	path	/vuln_file.aspx	Exploit path to trigger SharePoint spoofing vulnerability via crafted file on server	CWE-918

23 Jan 2025 01:04Current

7.8High risk

Vulners AI Score7.8

CVSS 3.18.1

EPSS0.09091

SSVC

CWE-918