Sept. 19, 2023, 1:37 p.m. | /u/netlas_io


**Main information**

CVE: CVE-2023-36764Vulnerable product: Mirosoft SharePoint ServerBase score: 8.8 (High)

**In detail**

This vulnerability was discovered by Microsoft.Some SharePoint servers are vulnerable to Elevation of Privelege. Attacker could gain administrator privileges by creating an ASP.NET page with specially-crafted declarative markup. Only authorization at the Site Member level is required.


CVE was published at 09/12/2023.Patch was uploaded at 09/12/2023.Vulnerability didn’t exploited before patch.

**Quantity estimation**

[Shodan – 2,572 instances](

Dork: http.component:"Microsoft SharePoint"

[Censys – 16,956 instances](

Dork: labels=\`microsoft-sharepoint\`

[Netlas …

asp attacker authorization cve cybersecurity high information main markup microsoft microsoft sharepoint mirosoft .net page privileges product score server servers sharepoint stats timeline vulnerability vulnerable

Business Information Security Officer

@ Metrolink | Los Angeles, CA

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City

Security Engineer

@ ChartMogul | Remote, EU

Cyber Hunt Subject Matter Expert (SME) - Hybrid

@ XOR Security | Alexandria, VA

Software Compliance, Safety and Security Manager (w/m/d)

@ Bosch Group | Stuttgart, Germany

Chef de projet - Service PKI

@ Alter Solutions | Paris, France