A critical Microsoft SharePoint server bug that can form part of a remote code execution (RCE) exploit chain has been added to the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Known Exploited Vulnerabilities (KEV) Catalog. The bug, tracked as CVE-2023-29357, is an elevation of privilege vulnerability with a CVSS v3 score of 9.8.
Source: SC Magazine