PT-2013-2088 · Microsoft · Sharepoint Server 2010 Sp1+2

Moritz Jodeit

Publicado

2013-03-12

Atualizado

2018-10-12

CVE-2013-0084

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2010 SP1 Microsoft SharePoint Foundation 2010 SP1

Description The issue allows remote attackers to bypass intended read restrictions for content and hijack user accounts via a crafted URL. An elevation of privilege exists, which could allow an attacker to elevate their access to the server after obtaining sensitive system data.

Recommendations For Microsoft SharePoint Server 2010 SP1, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation 2010 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive system data to minimize the risk of exploitation.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2013-0084

Produtos afetados

Sharepoint Foundation 2010 Sp1

Sharepoint Server 2010 Sp1

Sharepoint Foundation

PT-2013-2088 · Microsoft · Sharepoint Server 2010 Sp1+2

CVE-2013-0084

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7