Cyber Resilience

CVE-2022-24472

High

Published: 15 April 2022

Modified: 21 November 2024
KEV Added:
Patch:
CVSS Score v3.1: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0696 (91.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-24472 is a high-severity vulnerability in Microsoft SharePoint Server; its weakness type is unspecified. Its CVSS base score is 8.0 (High).

Operationally, it ranks in the top 8.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Microsoft SharePoint Server is affected by CVE-2022-24472, a spoofing vulnerability disclosed on 2022-04-15. The flaw carries a CVSS 3.1 score of 8.0 with an attack vector of network, low complexity, low privileges required, and required user interaction, resulting in high impact to confidentiality, integrity, and availability.

An authenticated attacker with low privileges can exploit the issue over the network by crafting spoofed requests that require a victim user to interact with malicious content. Successful exploitation allows the attacker to impersonate other users or resources and obtain full control over affected SharePoint content and data.

Microsoft has published remediation guidance in its Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472. The current EPSS score of 0.0696 with a recorded peak of 0.0900 indicates limited observed exploitation interest since disclosure.

Vulnerability details

Microsoft SharePoint Server Spoofing Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft sharepoint foundation: 2013
microsoft sharepoint server: 2016, 2019, all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
