PT-2013-2088 · Microsoft · Sharepoint Server 2010 Sp1+2

Moritz Jodeit

Published

2013-03-12

Updated

2018-10-12

CVE-2013-0084

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server 2010 SP1 Microsoft SharePoint Foundation 2010 SP1

Description The issue allows remote attackers to bypass intended read restrictions for content and hijack user accounts via a crafted URL. An elevation of privilege exists, which could allow an attacker to elevate their access to the server after obtaining sensitive system data.

Recommendations For Microsoft SharePoint Server 2010 SP1, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation 2010 SP1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive system data to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2013-0084

Affected Products

Sharepoint Foundation 2010 Sp1

Sharepoint Server 2010 Sp1

Sharepoint Foundation

PT-2013-2088 · Microsoft · Sharepoint Server 2010 Sp1+2

CVE-2013-0084

Weakness Enumeration

Related Identifiers

Affected Products

References · 7