CVE-2022-30172

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified) Microsoft Office Web Apps Server (affected versions not specified) Microsoft Office Online Server (affected versions not specified)

Description The issue is related to insufficient protection of service data in Microsoft products, which can be exploited by an attacker to gain unauthorized access to protected information. This can be achieved through a specially crafted malicious file or a specially crafted malicious web page. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For Microsoft SharePoint Server, update to a version that includes the fix for this issue. For Microsoft SharePoint Enterprise Server, update to a version that includes the fix for this issue. For Microsoft Office Web Apps Server, update to a version that includes the fix for this issue. For Microsoft Office Online Server, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive data until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.