These vulnerabilities affect SharePoint Server 2013, SharePoint Server 2016, and SharePoint Online. The attacker doesn' need to be authenticated to have remote code execution rights. These vulnerabilities have been assigned Common Vulnerabilities and Exposures numbers CVE-2022 and CVE-2022-41036 to CVE-2022-41038. CVE-2022 is a high severity vulnerability. By definition, high severity vulnerabilities have a high probability of being exploited. As of May 21st, 2018, there are 10 products with a verified advisory that address one of these vulnerabilities: Microsoft software - A patch for this issue has been released for Microsoft SharePoint Server 2013, Microsoft SharePoint Server 2016, and Microsoft SharePoint Online. You can get the latest version from the Microsoft Update Catalog or from Microsoft directly.
- A patch for this issue has been released for Microsoft SharePoint Server 2013, Microsoft SharePoint Server 2016, and Microsoft SharePoint Online. You can get the latest version from the Microsoft Update Catalog or from Microsoft directly. Apache software - A patch for this issue has been released for the Apache web server. You can get the latest version from the vendor directly or from the vendor's download page.
- A patch for this issue has been released for the Apache web server. You can get the latest version from the vendor directly or from the vendor's download page
Microsoft SharePoint Server 2013
, SharePoint Server 2016, and SharePoint Online
This vulnerability is addressed in Microsoft SharePoint Server 2013, Microsoft SharePoint Server 2016, and Microsoft SharePoint Online by using the update rollup 31 for these products. A patch for this issue has been released for these products. You can get the latest version from the Microsoft Update Catalog or from Microsoft directly.
Microsoft recommends that customers apply updates to their systems as soon as possible.
Microsoft SharePoint Server 2016 CVE-2022 -38053
- SharePoint is vulnerable to a remote code execution vulnerability in Microsoft Agent Object Model that allows an attacker to execute arbitrary code on the SharePoint server.
- The attack vector of this vulnerability is through the WebDAV interface.
- The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 10.
- This vulnerability has been assigned CVE-2022 and CVE-2022-41036 to CVE-2022-41038. CVE-2022 is a high severity vulnerability. By definition, high severity vulnerabilities have a high probability of being exploited. As of May 21st, 2018, there are 10 products with a verified advisory that address one of these vulnerabilities: Microsoft software - A patch for this issue has been released for Microsoft SharePoint Server 2013, Microsoft SharePoint Server 2016, and Microsoft SharePoint Online. You can get the latest version from the Microsoft Update Catalog or from Microsoft directly.
- A patch for this issue has been released for Microsoft SharePoint Server 2013, Microsoft SharePoint Server 2016, and Microsoft SharePoint Online. You can get the latest version from the Microsoft Update Catalog or from Microsoft directly. Apache software - A patch for this issue has been released for the Apache web server. You can get the latest version from the vendor directly or from the vendor's download page.
- A patch for this issue has been released for the Apache web server. You can get the latest version from the vendor directly or from the
Timeline
Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/13/2022 15:43:00 UTC