CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33142 – Microsoft SharePoint Server Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-33142
Microsoft SharePoint Server Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33142 • CWE-285: Improper Authorization •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33132 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-33132
Microsoft SharePoint Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33132 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33130 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-33130
Microsoft SharePoint Server Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33130 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33129 – Microsoft SharePoint Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-33129
Microsoft SharePoint Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33129 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 82%CPEs: 1EXPL: 5CVE-2023-29357 – Microsoft SharePoint Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ValidateTokenIssuer method. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. • https://github.com/Chocapikk/CVE-2023-29357 https://github.com/LuemmelSec/CVE-2023-29357 https://github.com/KeyStrOke95/CVE-2023-29357-ExE https://github.com/Jev1337/CVE-2023-29357-Check https://github.com/AhmedMansour93/Event-ID-189-Rule-Name-SOC227-CVE-2023-29357 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357 • CWE-303: Incorrect Implementation of Authentication Algorithm •