CVE-2023-21743Missing Authentication for Critical Function in Microsoft Sharepoint Enterprise Server 2016

CWE-306Missing Authentication for Critical Function10 documents7 sources
Severity
5.3MEDIUMNVD
EPSS
11.6%
top 6.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Sharepoint Enterprise Server 2016Microsoft Sharepoint Server 2019Microsoft Sharepoint Server Subscription Edition+1 more
Timeline
PublishedJan 10
Latest updateJan 11

Description

Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

CVEListV5microsoft/microsoft_sharepoint_server_201916.0.016.0.10394.20021
CVEListV5microsoft/microsoft_sharepoint_enterprise_server_201616.0.016.0.5378.1000
CVEListV5microsoft/microsoft_sharepoint_server_subscription_edition16.0.016.0.15601.20418
NVDmicrosoft/sharepoint_server2016, 2019+1

🔴Vulnerability Details

2
GHSA
GHSA-j736-7m9g-xp23: Microsoft SharePoint Server Security Feature Bypass Vulnerability2023-01-11
CVEList
Microsoft SharePoint Server Security Feature Bypass Vulnerability2023-01-10

📋Vendor Advisories

1
Microsoft
Microsoft SharePoint Server Security Feature Bypass Vulnerability2023-01-10

🕵️Threat Intelligence

4
Talos
Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities2023-01-10
Qualys
The January 2023 Patch Tuesday Security Update Review | Qualys2023-01-10
Talos
Microsoft Patch Tuesday for January 2023 — Snort rules and prominent vulnerabilities2023-01-10
Qualys
The January 2023 Patch Tuesday Security Update Review2023-01-10
CVE-2023-21743 — Microsoft vulnerability | cvebase