Описание
Microsoft SharePoint Server Information Disclosure Vulnerability
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is user tokens and other potentially sensitive information.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?
A successful attacker could gain the Domain SID prefix for the targeted site.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Enterprise Server, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
6.5 Medium
CVSS3