Try in Splunk Security Cloud


This analytic story focuses on the Microsoft SharePoint Server vulnerability CVE-2023-29357, which allows for an elevation of privilege due to improper handling of authentication tokens. Exploitation of this vulnerability could lead to a serious security breach where an attacker might gain privileged access to the SharePoint environment, potentially leading to data theft or other malicious activities. This story is associated with the detection Microsoft SharePoint Server Elevation of Privilege which identifies attempts to exploit this vulnerability.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel: Web
  • Last Updated: 2023-09-27
  • Author: Michael Haag, Gowthamaraj Rajendran, Splunk
  • ID: 95ae800d-485e-47f7-866e-8be281aa497d


Microsoft SharePoint Server is a widely used web-based collaborative platform. The vulnerability CVE-2023-29357 exposes a flaw in the handling of authentication tokens, allowing an attacker to escalate privileges and gain unauthorized access to the SharePoint environment. This could potentially lead to data theft, unauthorized system modifications, or other malicious activities. Organizations are urged to apply immediate patches and conduct regular system assessments to ensure security.


Name Technique Type
Microsoft SharePoint Server Elevation of Privilege Exploitation for Privilege Escalation TTP


source | version: 1