CVE-2012-1860

2012-07-1021:55:00

CWE-264

[email protected]

web.nvd.nist.gov

sharepoint

microsoft office

cve-2012-1860

security

vulnerability

sharepoint server 2007

sharepoint server 2010

office web apps 2010

6.5 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

54.6%

JSON

Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka “SharePoint Search Scope Vulnerability.”

CPENameOperatorVersion
microsoft:sharepoint_servermicrosoft sharepoint servereq2007
microsoft:sharepoint_servermicrosoft sharepoint servereq2010
microsoft:office_web_appsmicrosoft office web appseq2010

CPE	Name	Operator	Version
microsoft:sharepoint_server	microsoft sharepoint server	eq	2007
microsoft:sharepoint_server	microsoft sharepoint server	eq	2010
microsoft:office_web_apps	microsoft office web apps	eq	2010