#Microsoft Office SharePoint

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to modify their Display Name within SharePoint.

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

**There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?** Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the rights to use the SharePoint Migration tool and the ability create a new SharePoint site collection.

*What is the attack vector for this vulnerability?* In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the SharePoint Server.

*What kind of information can be disclosed?* An attacker can gain access to an organizational's email, sites, filename, url of file...