Описание
Microsoft SharePoint Server Security Feature Bypass Vulnerability
FAQ
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must have read access to the target site within SharePoint.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
The attacker would be able to bypass the protection in SharePoint blocking the HTTP request based on IP range. If an attacker successfully exploited this vulnerability, they could validate the presence or absence of an HTTP endpoint within the blocked IP range.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Security Feature Bypass Vulnerability
Microsoft SharePoint Server Security Feature BypassVulnerability.
Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, программного обеспечения для электронного документооборота Microsoft SharePoint Foundation, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить доступ к конфиденциальной информации
EPSS
4.3 Medium
CVSS3