PT-2016-1060 · Microsoft · Sharepoint Foundation 2013 Sp1+3

Published: 2016-01-12 · Updated: 2018-10-12 · CVE-2015-6117

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:
Microsoft SharePoint Server 2013 SP1
Microsoft SharePoint Foundation 2013 SP1

Description:
The issue exists due to inadequate protection of the web page structure in Microsoft SharePoint, allowing a remote attacker to bypass existing access control policies and conduct cross-site scripting (XSS) attacks by modifying web elements. This could enable the attacker to read unauthorized content and to perform actions on the SharePoint site as the user, such as changing permissions, deleting content, and injecting malicious content into the user's browser.

Recommendations:
For Microsoft SharePoint Server 2013 SP1, update the Access Control Policy (ACP) configuration settings to enforce correct restrictions. For Microsoft SharePoint Foundation 2013 SP1, ensure that the ACP configuration settings are properly enforced to prevent security feature bypasses. As a temporary workaround, consider restricting access to sensitive web parts until a patch is available.

Fix

XSS

Weakness Enumeration

Related identifiers

BDU:2016-00127
CVE-2015-6117

Affected products

Sharepoint Foundation 2013 Sp1
Sharepoint Server 2013 Sp1
Sharepoint Foundation
Sharepoint Server