CVE-2022-21837: Microsoft SharePoint Server Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Jan

Released

2022-01-11

Last Updated

2022-01-12

EPSS Score

7.69% (percentile: 91.9%)

FAQ

How could an attacker exploit the vulnerability? An authenticated attacker with access to the domain could perform remote code execution on the SharePoint server to elevate themselves to SharePoint admin.

Affected Products (4)

Microsoft Office

• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft SharePoint Foundation 2013 Service Pack 1

Security Updates (4)

• 5002113
• 5002109
• 5002111
• 5002127

Acknowledgments

<a href="https://twitter.com/edwardzpeng">Zhiniang Peng</a> with <a href="https://www.sangfor.com/">Sangfor</a>, <a href="https://twitter.com/cjm00nw">Yuhao Weng</a> with <a href="https://www.sangfor.com/">Sangfor</a>

Revision History

• 2022-01-11: Information published.
• 2022-01-12: Added an acknowledgement. This is an informational change only.