CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33132 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-33132
Microsoft SharePoint Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33130 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-33130
Microsoft SharePoint Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33129 – Microsoft SharePoint Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-33129
Microsoft SharePoint Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 88%CPEs: 1EXPL: 4CVE-2023-29357 – Microsoft SharePoint Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ValidateTokenIssuer method. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. • https://github.com/Chocapikk/CVE-2023-29357 https://github.com/LuemmelSec/CVE-2023-29357 https://github.com/KeyStrOke95/CVE-2023-29357-ExE https://github.com/Jev1337/CVE-2023-29357-Check https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 8.8EPSS: 21%CPEs: 3EXPL: 1CVE-2023-24955 – Microsoft SharePoint Server Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-24955
Microsoft SharePoint Server Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the GenerateProxyAssembly method. The issue results from the lack of proper validation of a user-supplied string before using it to execute C# code. An attacker can leverage this vulnerability to execute code in the context of SharePoint farm service account. Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. • https://github.com/former-farmer/CVE-2023-24955-PoC https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955 • CWE-94: Improper Control of Generation of Code ('Code Injection') •