Lucene search

[email protected]CVE-2013-1290

HistoryApr 09, 2013 - 10:55 p.m.

CVE-2013-1290

2013-04-0922:55:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-1290

microsoft

sharepoint server 2013

access controls

information disclosure

vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

JSON

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list’s location, aka “Incorrect Access Rights Information Disclosure Vulnerability.”

Affected configurations

NVD

Node

microsoftsharepoint_serverMatch2013

CPENameOperatorVersion
microsoft:sharepoint_servermicrosoft sharepoint servereq2013

CPE	Name	Operator	Version
microsoft:sharepoint_server	microsoft sharepoint server	eq	2013

References

www.us-cert.gov/ncas/alerts/TA13-100A

docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-030

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15758

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for CVE-2013-1290

nessus1 securityvulns1 prion1 symantec1 openvas1 cvelist1 nvd1 mskb1