virus logo Intrusion Prevention

MS.SharePoint.TypeReferenceExpression.Insecure.Deserialization

description-logoDescription

This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Microsoft SharePoint Server.
This vulnerability is due to improper input validation of the workflow rules file used to generate custom workflows. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of code in the security context of the server process.

affected-products-logoAffected Products

Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-02-06 22.489 Default_action:pass:drop
2023-01-24 22.482
ID 52531
Created Jan 16, 2023
Updated Feb 03, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2022-35823
Exploit Prediction Score 2.16%
Default Action drop
Active
Affected OS Windows
Affected App Other