
CVE-2022-22005 Microsoft SharePoint RCE

SharePoint is a platform for sharing and managing content, knowledge, and apps to support teamwork, quickly finding information, and collaborating seamlessly across the organization. More than 200,000 organizations and 190 million people use SharePoint for intranets, team sites, and content management. Those numbers alone make it a perennial target for security researchers looking for vulnerabilities.

With SharePoint, users can create an intranet that works like any other website. In addition to a large site for the whole organization, SharePoint can be divided into smaller sub-sites for each group and internal department. It is also a content sharing and management platform with customizable lists. Some list types are built in, such as lists of images, documents, and forms. Beyond the built-in lists, users can add a new list and customize its properties as they want. The main tools for this customization are SharePoint Designer and InfoPath Designer.


Microsoft's February 2022 patch fixes a vulnerability tracked as CVE-2022-22005. This vulnerability allows an attacker to execute code remotely and is scored 8.8 under CVSSv3. The affected versions are listed below:

  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Enterprise Server 2013 Service Pack 1
  • Microsoft SharePoint Enterprise Server 2016

The analysis below was performed on Microsoft SharePoint Enterprise Server 2016.


Posted by SH
