Microsoft SharePoint Server Privilege Escalation Vulnerability

Added Jan. 10, 2024 • Due Jan. 31, 2024 • CVE-2023-29357

Overdue Microsoft / SharePoint Server Known Ransomware Use CWE-303

Description

Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357
https://nvd.nist.gov/vuln/detail/CVE-2023-29357

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 4 months, 1 week ago