Spoofing attack in Microsoft products - CVE-2022-41122
Published: November 8, 2022
Vulnerability identifier: #VU69069
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-41122
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft SharePoint Server
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Foundation
Microsoft SharePoint Enterprise Server
Microsoft SharePoint Server
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Foundation
Microsoft SharePoint Enterprise Server
Detailed vulnerability description
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in the Microsoft SharePoint Server. A remote user can spoof page content.
How to mitigate CVE-2022-41122
Install updates from vendor's website.