This vulnerability is caused by improper input validation on the server side. Attackers can inject malicious code into a specially crafted request and make it run on the server.
When the server is compromised, attackers can access data or perform actions on behalf of the server’s legitimate user. An attacker might exploit this vulnerability to gain access to the server or to steal data. An attacker does not need to have a user logged on to the server to exploit this vulnerability. This vulnerability can be exploited by sending specially crafted requests to the server. An attacker might use a Web browser or an application like Outlook or another application that accesses SharePoint via the Internet. An attacker might host a specially crafted file on a remote server and then have clients try to access the file using an Internet Web site.
Vulnerable Configuration
The SharePoint Server is configured with Security Configuration settings that are vulnerable to this type of attack.
Vulnerability details
The vulnerability is caused by improper input validation on the server side. Attackers can inject malicious code into a specially crafted request and make it run on the server.
When the server is compromised, attackers can access data or perform actions on behalf of the server’s legitimate user. An attacker might exploit this vulnerability to gain access to the server or to steal data. An attacker does not need to have a user logged on to the server to exploit this vulnerability. This vulnerability can be exploited by sending specially crafted requests to the server. An attacker might use a Web browser or an application like Outlook or another application that accesses SharePoint via the Internet. An attacker might host a specially crafted file on a remote server and then have clients try to access the file using an Internet Web site.
Vulnerability overview
The vulnerability exists in Microsoft SharePoint Server when the server does not validate input correctly.
This vulnerability was found when the Microsoft SharePoint Team Services (MSTS) scan for vulnerabilities identified CVE-2022-38008.
This vulnerability affects all SharePoint servers that use MSTS.
Vulnerability Scenario
An attacker creates a malicious file and hosts it on a remote server. The attacker then uses a Web browser or another application that accesses SharePoint via the Internet to try to download it.
The vulnerability could be exploited by an attacker who is located in the same network or in the same country as the victim.
Timeline
Published on: 09/13/2022 19:15:00 UTC
Last modified on: 09/16/2022 18:09:00 UTC