Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-1892
HistorySep 15, 2011 - 12:26 p.m.

CVE-2011-1892

2011-09-1512:26:00
CWE-200
[email protected]
web.nvd.nist.gov
50
cve-2011-1892
microsoft office
groove 2007
sharepoint workspace 2010
sharepoint server 2007
sharepoint server 2010
xml
xsl
remote file disclosure vulnerability

5.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.074 Low

EPSS

Percentile

94.0%

JSON

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka β€œSharePoint Remote File Disclosure Vulnerability.”

Related

packetstorm 1
seebug 2
exploitpack 1
checkpoint_advisories 1
prion 1
securityvulns 2
cvelist 1
exploitdb 1
openvas 2
nessus 1
mskb 1
packetstorm
packetstorm
SharePoint 2007 / 2010 And DotNetNuke File Disclosure
2011-09-21 00:00:00
seebug
seebug
SharePoint 2007/2010 and DotNetNuke < 6 - File disclosure via XEE
2014-07-01 00:00:00
Microsoft SharePoint XMLε€„η†θΏœη¨‹ζ–‡δ»Άζ³„ιœ²ζΌζ΄ž
2011-10-21 00:00:00
exploitpack
exploitpack
SharePoint 20072010 and DotNetNuke 6 - File Disclosure (via XEE)
2011-09-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Server XML Rollup Information Disclosure (MS11-074; CVE-2011-1892)
2011-09-13 00:00:00
prion
prion
Arbitrary file deletion
2011-09-15 12:26:00
securityvulns
securityvulns
XEE vulnerabilities in SharePoint &#40;MS11-074&#41; and DotNetNuke
2011-09-20 00:00:00
Microsoft Sharepoint multiple security vulnerabilities
2011-09-20 00:00:00
cvelist
cvelist
CVE-2011-1892
2011-09-15 10:00:00
exploitdb
exploitdb
SharePoint 2007/2010 and DotNetNuke &lt; 6 - File Disclosure (via XEE)
2011-09-20 00:00:00
openvas
openvas
Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
2011-09-14 00:00:00
Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
2011-09-14 00:00:00
nessus
nessus
MS11-074: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
2011-09-14 00:00:00
mskb
mskb
MS11-074: Vulnerabilities in Microsoft SharePoint could allow elevation of privilege: September 13, 2011
2011-09-13 00:00:00

5.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.074 Low

EPSS

Percentile

94.0%

JSON
Related for CVE-2011-1892
packetstorm1seebug2exploitpack1checkpoint_advisories1prion1securityvulns2cvelist1exploitdb1openvas2nessus1mskb1