CVE-2022-38008: Microsoft SharePoint Server Remote Code Execution Vulnerability
First published: Tue Sep 13 2022(Updated: )
Microsoft SharePoint Server Remote Code Execution Vulnerability
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft SharePoint Enterprise Server | =2013-sp1 | |
| Microsoft SharePoint Enterprise Server | =2016 | |
| Microsoft SharePoint Foundation | =2013-sp1 | |
| Microsoft SharePoint Server | ||
| Microsoft SharePoint Server | =language_pack | |
| Microsoft SharePoint Server | =2019 | |
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Foundation 2013 | ||
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Enterprise Server 2013 | ||
| Microsoft SharePoint Server Subscription Edition Language Pack | ||
| Microsoft SharePoint Server Subscription Edition |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-38008?
CVE-2022-38008 is a remote code execution vulnerability in Microsoft SharePoint Server.
Which versions of SharePoint Server are affected by CVE-2022-38008?
SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Server Subscription Edition Language Pack are affected by CVE-2022-38008.
What is the severity rating of CVE-2022-38008?
The severity rating of CVE-2022-38008 is high with a CVSS score of 8.8.
How can I fix CVE-2022-38008?
You can fix CVE-2022-38008 by applying the relevant security patches provided by Microsoft for the affected SharePoint Server versions.
Where can I find more information about CVE-2022-38008?
You can find more information about CVE-2022-38008 on the Microsoft Security Response Center website at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008
- collector/nvd-index
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- collector/msrc-cve
- source/Microsoft
- agent/tags
- agent/software-canonical-lookup
- vendor/microsoft
- canonical/microsoft sharepoint enterprise server
- version/microsoft sharepoint enterprise server/2013-sp1
- version/microsoft sharepoint enterprise server/2016
- canonical/microsoft sharepoint foundation
- version/microsoft sharepoint foundation/2013-sp1
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/language_pack
- version/microsoft sharepoint server/2019
- canonical/microsoft sharepoint enterprise server 2016
- canonical/microsoft sharepoint server subscription edition
- canonical/microsoft sharepoint server subscription edition language pack
- canonical/microsoft sharepoint enterprise server 2013
- canonical/microsoft sharepoint server 2019
- canonical/microsoft sharepoint foundation 2013