Privilege escalation in Microsoft SharePoint Server

Published: 2023-09-13
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-36764
Exploitation vector Network
Public exploit N/A
Vulnerable software
Microsoft SharePoint Server Subscription Edition
Server applications / Application servers

Microsoft SharePoint Server
Server applications / Application servers

Microsoft SharePoint Enterprise Server
Server applications / Application servers


Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU80710

Risk: Medium


CVE-ID: CVE-2023-36764


Exploit availability:


The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Microsoft SharePoint Server, which leads to security restrictions bypass and privilege escalation.


Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server Subscription Edition: before 16.0.16731.20180

Microsoft SharePoint Server: before 16.0.10402.20016

Microsoft SharePoint Enterprise Server: before 16.0.5413.1001

Fixed software versions

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?