漏洞标题
微软SharePoint远程代码执行漏洞
漏洞描述信息
<p>当Microsoft SharePoint软件未能检查应用程序包的源代码标记时,存在一个远程代码执行漏洞。成功利用此漏洞的攻击者可以在SharePoint应用程序池和SharePoint服务器场帐户的上下文中运行任意代码。</p>
<p>利用此漏洞需要用户将特制的SharePoint应用程序包上传到受影响版本的SharePoint中。</p>
<p>安全更新通过纠正SharePoint检查应用程序包源代码标记的方式,解决了该漏洞。</p>
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Microsoft SharePoint Remote Code Execution Vulnerability
漏洞描述信息
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
漏洞类别
N/A
漏洞标题
Microsoft SharePoint 安全漏洞
漏洞描述信息
Microsoft SharePoint是美国微软(Microsoft)公司的一套企业业务协作平台。该平台用于对业务信息进行整合,并能够共享工作、与他人协同工作、组织项目和工作组、搜索人员和信息。 Microsoft SharePoint 中存在安全漏洞。该漏洞源于当软件无法检查应用程序包的源标记时,存在远程执行代码漏洞。攻击者可以利用该漏洞获取与用户相同权限。以下产品及版本受到影响: Microsoft SharePoint Enterprise Server 2016版本, Microsoft Sha
CVSS信息
N/A
漏洞类别
其他