Spoofing attack in Microsoft products - CVE-2023-23395
Published: March 14, 2023
Vulnerability identifier: #VU73599
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-23395
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft SharePoint Server
Microsoft SharePoint Foundation
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Enterprise Server
Microsoft SharePoint Server
Microsoft SharePoint Foundation
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Enterprise Server
Detailed vulnerability description
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Microsoft SharePoint Server. A remote attacker can spoof page content.
How to mitigate CVE-2023-23395
Install updates from vendor's website.