CVE-2023-29357

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server versions prior to 16.0.10399.20005

Description This issue is an elevation of privilege vulnerability in Microsoft SharePoint Server that allows attackers to affect the system. The vulnerability enables remote attackers to gain administrator privileges by circumventing authentication using spoofed JWT auth tokens. This flaw is actively exploited and has been observed in attacks, with reports of successful exploitation attempts. The vulnerability has been exploited in conjunction with other flaws to enable remote code execution. Approximately 2500 internet-connected SharePoint servers globally are estimated to be vulnerable, with around 650 located in Russia. The vulnerability is tracked as CVE-2023-29357. Exploitation involves targeting the /api/web/siteusers endpoint.

Recommendations Update Microsoft SharePoint Server to version 16.0.10399.20005 or later.