CVE-2023-33165: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Security Feature Bypass Vulnerability (CVE-2023-33165) was disclosed in July 2023. This vulnerability affects Microsoft SharePoint Server Subscription Edition and SharePoint Server 2019. The vulnerability was officially acknowledged by Microsoft and assigned a CVE identifier on May 17, 2023 (CVE List).

The vulnerability has received different severity assessments from various sources. The NVD assigned it a CVSS v3.1 Base Score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, while Microsoft Corporation rated it as MEDIUM with a score of 4.3 and vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. Microsoft has classified this as a Security Feature Bypass vulnerability type, and it has been associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD Database).

The vulnerability could potentially lead to exposure of sensitive information to unauthorized actors, as indicated by its CWE-200 classification (NVD Database).

Microsoft has released security updates to address this vulnerability. The fix is included in the July 11, 2023 security update package (KB5002424) for SharePoint Server Subscription Edition and KB5002423 for SharePoint Server 2019 (Microsoft Support).