Описание
Microsoft SharePoint Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server.
To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user.
The security update addresses the vulnerability by correcting how Microsoft SharePoint sanitizes user input.
FAQ
Is the Preview Pane an attack vector for this vulnerability?
No, the Preview Pane is not an attack vector.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server 2019 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
Уязвимость пакетов программ Microsoft SharePoint Server, SharePoint Foundation и SharePoint Enterprise Server, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS