Sharepoint Server Security Vulnerabilities - January
<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security cont...
8.6CVSS
8.5AI Score
0.006EPSS
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoi...
6.3CVSS
6.3AI Score
0.001EPSS
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administ...
8.8CVSS
8.6AI Score
0.041EPSS
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.The attacke...
5.4CVSS
5.5AI Score
0.001EPSS
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.The attacke...
5.4CVSS
5.5AI Score
0.001EPSS
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.The attacke...
5.4CVSS
5.5AI Score
0.001EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...
5.5CVSS
5.5AI Score
0.01EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...
5.5CVSS
5.5AI Score
0.01EPSS
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit the vulnerability, an attacker would have...
5.5CVSS
5.5AI Score
0.01EPSS
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoi...
5.4CVSS
6AI Score
0.001EPSS
<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.</p><p>To exploit the vulnerability, an attacker would need to be authenticated on an aff...
8.9CVSS
8.2AI Score
0.001EPSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...
5.5CVSS
5.4AI Score
0.0004EPSS
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoin...
8.5CVSS
8.6AI Score
0.008EPSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...
5.4CVSS
5.4AI Score
0.001EPSS
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...
8.8CVSS
7.8AI Score
0.135EPSS
<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm acc...
9.9CVSS
8.7AI Score
0.013EPSS
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with admin...
7.8CVSS
7.8AI Score
0.017EPSS
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p><p>To take advan...
4.1CVSS
4.9AI Score
0.0004EPSS
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p><p>To take advan...
4.1CVSS
4.9AI Score
0.0004EPSS
<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p><p>An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who ...
8.7CVSS
7.9AI Score
0.001EPSS
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoi...
8.7CVSS
7.4AI Score
0.001EPSS
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoi...
8.7CVSS
7.3AI Score
0.001EPSS
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p><p>To exploit the vulnerability, an attacker ...
6.5CVSS
6.3AI Score
0.008EPSS
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p><p>To exploit the vulnerability, an attacker ...
5CVSS
5.5AI Score
0.001EPSS
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoin...
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoin...
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p><p>To exploit the vulnerability, an attacker ...
6.5CVSS
6.3AI Score
0.008EPSS
5.3CVSS
5.2AI Score
0.006EPSS
4.3CVSS
5.3AI Score
0.002EPSS
8CVSS
7.6AI Score
0.001EPSS
5.3CVSS
5.1AI Score
0.006EPSS
5.4CVSS
5.9AI Score
0.001EPSS
8.8CVSS
8.6AI Score
0.018EPSS
7.1CVSS
6.8AI Score
0.002EPSS
8CVSS
7.6AI Score
0.002EPSS
8.1CVSS
8.6AI Score
0.025EPSS
5.3CVSS
5.1AI Score
0.008EPSS
8.8CVSS
8.6AI Score
0.029EPSS
7.8CVSS
8.1AI Score
0.011EPSS
4.6CVSS
6.1AI Score
0.001EPSS
8.8CVSS
8.6AI Score
0.013EPSS
8CVSS
8AI Score
0.002EPSS
7.8CVSS
7.7AI Score
0.011EPSS
7.8CVSS
7.7AI Score
0.008EPSS
7.8CVSS
7.7AI Score
0.011EPSS
4.6CVSS
6.1AI Score
0.001EPSS
8CVSS
7.7AI Score
0.001EPSS
8CVSS
8.1AI Score
0.002EPSS
8CVSS
7.9AI Score
0.002EPSS
8.8CVSS
8.6AI Score
0.009EPSS