CVE-2022-30158: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-30158) was disclosed and patched in June 2022. This vulnerability affects multiple versions of SharePoint Server including SharePoint Foundation 2013 SP1, SharePoint Server 2013 SP1 Enterprise, SharePoint Server 2016 Enterprise, SharePoint Server 2019, and SharePoint Server Subscription Edition (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and requiring low privileges. Under CVSS v2.0, it received a Base Score of 6.0 (MEDIUM) with vector (AV:N/AC:M/Au:S/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute remote code on the affected SharePoint Server system, potentially compromising the confidentiality, integrity, and availability of the system (Microsoft Support).

Microsoft has released security updates to address this vulnerability. The fixes are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For SharePoint Server 2019, the update is KB5002212, and for SharePoint Enterprise Server 2016, the update is KB5002222 (Microsoft Support).