CVE-2022-41036
Published: 11 October 2022
Summary
CVE-2022-41036 is a high-severity an unspecified weakness vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 4.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft SharePoint Server is affected by CVE-2022-41036, a remote code execution vulnerability disclosed on October 11, 2022. The flaw carries a CVSS 3.1 base score of 8.8 with network attack vector, low attack complexity, and low privileges required, enabling high impact on confidentiality, integrity, and availability.
An authenticated attacker with low-privileged access can exploit the vulnerability over the network without user interaction to execute arbitrary code on the SharePoint server, potentially leading to full compromise of the affected system and its data.
Microsoft has published official guidance and patches addressing the issue through its Security Response Center at the referenced URLs, directing administrators to apply the recommended updates for SharePoint Server.
The associated EPSS score has remained flat at 0.1770 with no indicated rise since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44281
Vulnerability details
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.