Описание
Microsoft SharePoint Server Spoofing Vulnerability
FAQ
I am running SharePoint Enterprise Server 2013 Service Pack 1. Do I need to install both updates that are listed for SharePoint Enterprise Server 2013 Service Pack 1?
No. The Cumulative update for SharePoint Server 2013 includes the update for Foundation Server 2013. Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.
Please note that this is a clarification of the existing servicing model for SharePoint Server 2013 and applies for all previous updates.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?
Exploiting this vulnerability will allow an attacker to read local files with the XSL extension.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability?
The attacker's operation is performed with an impersonation as IUSR
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.1 High
CVSS3
Связанные уязвимости
Microsoft SharePoint Server Spoofing Vulnerability
Уязвимость пакетов программ Microsoft SharePoint Server, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
EPSS
8.1 High
CVSS3