2013-04-09 This security update resolves a publicly disclosed vulnerability in Microsoft SharePoint Server. The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability.
Vulnerabilities addressed in this bulletin:
Incorrect Access Rights Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that SharePoint Server enforces access controls on specific SharePoint Lists.
CVE-2013-1290

Bulletin details at Microsoft.com

Related CVE Entries

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
Max CVSS
3.5
EPSS Score
0.54%
Published
2013-04-09
Updated
2018-10-12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!