Описание
Microsoft SharePoint Information Disclosure Vulnerability
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
FAQ
What type of information could be disclosed through this issue?
The vulnerability may allow limited exposure of data returned from outbound requests SharePoint makes on the attacker’s behalf, such as external HTTP responses or basic network metadata, but not internal network content or sensitive server information.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), and integrity (I:L) but lead to no loss of availability (A:N). What is the impact of this vulnerability?
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), make changes to disclosed information (Integrity), but cannot limit access to the resource (Availability).
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft SharePoint Server 2019 | ||
| Microsoft SharePoint Server Subscription Edition |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition и Microsoft SharePoint Enterprise Server, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5.4 Medium
CVSS3