CVE-2023-23395: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Spoofing Vulnerability (CVE-2023-23395) was disclosed on March 14, 2023. This vulnerability affects multiple versions of Microsoft SharePoint Server including SharePoint Foundation 2013 SP1, SharePoint Server Subscription Edition, SharePoint Server 2013 SP1 Enterprise, and SharePoint Server 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 3.1 (LOW) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Microsoft has classified this as a URL Redirection to Untrusted Site ('Open Redirect') vulnerability, identified under CWE-601 (NVD).

The vulnerability could allow an attacker to perform spoofing attacks against affected SharePoint Server installations. The impact is considered low, with potential for integrity compromise but no direct effect on confidentiality or availability (Microsoft).

Microsoft has released security updates to address this vulnerability. The fix is included in build 16.0.16130.20206 of the security update package for SharePoint Server Subscription Edition. Users should apply the relevant security updates through Microsoft Update or download the standalone update package from the Microsoft Update Catalog (Microsoft Support).