CVE-2023-33142: Microsoft SharePoint Server Elevation of Privilege Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Jun

Released

2023-06-13

Last Updated

2023-06-19

EPSS Score

1.62% (percentile: 81.9%)

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited the vulnerability would be able to create a list or document library in the targeted SharePoint site. According to the CVSS metrics, successful exploitation of this vulnerability could lead to a major loss of integrity (I:H) but no loss of confidentiality (C:N), or have any effect on availability (A:N). How could an attacker affect the SharePoint site? An attacker who successfully exploited this vulnerability could create a list or document library in the targeted SharePoint site thus affecting the integrity. However, an attacker could not edit or delete a list or document library from the SharePoint site. I am running SharePoint Server 2019 and there are multiple updates available. Do I need to install all the updates listed in the Security Updates table for these versions? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

Affected Products (2)

Microsoft Office

• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition

Security Updates (3)

• 5002402
• 5002403
• 5002416

Acknowledgments

Anonymous

Revision History

• 2023-06-13: Information published.
• 2023-06-19: Updated FAQ information. This is an informational change only.