CVE-2014-2816 — Microsoft Sharepoint Foundation vulnerability

CWE-2643 documents3 sources

Severity

9.3CRITICALNVD

EPSS

48.8%

top 2.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Sharepoint Foundation Microsoft Sharepoint Server

Timeline

PublishedAug 12

Latest updateMay 14

Description

Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_server2013

▶NVDmicrosoft/sharepoint_foundation2013

🔴Vulnerability Details

GHSA

GHSA-366m-7h4q-23vx: Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Tr↗2022-05-14

▶

CVEList

CVE-2014-2816: Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Tr↗2014-08-12

▶