Spoofing attack in Microsoft products - CVE-2022-24472
Published: April 12, 2022
Vulnerability identifier: #VU62149
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-24472
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft SharePoint Server
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Foundation
Microsoft SharePoint Enterprise Server
Microsoft SharePoint Server
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Foundation
Microsoft SharePoint Enterprise Server
Detailed vulnerability description
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Microsoft SharePoint Server. A remote user can spoof page content.
How to mitigate CVE-2022-24472
Install updates from vendor's website.