CVE-2023-33159: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Spoofing Vulnerability (CVE-2023-33159) was disclosed and patched in July 2023. This vulnerability affects multiple versions of SharePoint Server including SharePoint Server Subscription Edition, SharePoint Server 2016 Enterprise, and SharePoint Server 2019 (Microsoft Update).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. Microsoft has classified this as a Cross-site Scripting (XSS) vulnerability under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

The vulnerability could potentially lead to high impacts on confidentiality, integrity, and availability of the affected systems, as indicated by the CVSS scoring. The attack vector is network-accessible and requires user interaction (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through Microsoft Update, Microsoft Update Catalog, and as standalone packages through the Microsoft Download Center. For SharePoint Server Subscription Edition, the update is included in build 16.0.16130.20642 (KB5002424) (Microsoft Update).