Critical authentication bypass in Microsoft SharePoint that can lead to unauthenticated remote code execution when chained with another vulnerability.
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | 16.0.0, 16.0.5561.1001 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| microsoft | microsoft sharepoint server subscription edition | mitre_affected | 90% |
| microsoft | microsoft sharepoint | mitre_affected | 90% |
Updated description with new technical details, added affected version, and specified the fixed version number.
Updated description with new details, changed product to 'Microsoft SharePoint Server', severity to 'HIGH', and noted no exploit available.
Updated description with details about weak authentication and marked the vulnerability as actively exploited with an exploit available.
Initial creation