CVE-2022-41122: Microsoft SharePoint Server Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2022-Nov

Released

2022-11-08

EPSS Score

15.39% (percentile: 94.6%)

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

Affected Products (5)

Microsoft Office

• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Enterprise Server 2013 Service Pack 1
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft SharePoint Foundation 2013 Service Pack 1

Security Updates (5)

• 5002269
• 5002264
• 5002267
• 5002258
• 5002271

Acknowledgments

<a href="https://twitter.com/cursered">Li Jian Tao (@CurseRed)</a> with <a href="https://starlabs.sg/">STAR Labs</a>

Revision History

• 2022-11-08: Information published. This CVE was addressed by updates that were released in September 2022, but the CVE was omitted from the September 2022 Security Updates. This is an informational change only. Customers who have already installed the September 2022 update do not need to take any further action.