Lucene search
HistoryOct 09, 2013 - 2:53 p.m.
CVE-2013-3895
microsoft
sharepoint
server
2007
2010
clickjacking
vulnerability
nvd
cve-2013-3895
6.7 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.165 Low
EPSS
Percentile
96.0%
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka “Parameter Injection Vulnerability.”
Affected configurations
Node
microsoftoffice_web_appsMatch2010
Node
microsoftsharepoint_serverMatch2007sp3
ORmicrosoftsharepoint_serverMatch2010sp1
ORmicrosoftsharepoint_serverMatch2010sp2
ORmicrosoftsharepoint_serverMatch2013
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:office_web_apps | microsoft office web apps | eq | 2010 |
References
Related
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Server Parameter Injection (MS13-084; CVE-2013-3895)
2013-10-08 00:00:00
prion
prion
Code injection
2013-10-09 14:53:00
nvd
nvd
CVE-2013-3895
2013-10-09 14:53:25
symantec
symantec
Microsoft SharePoint CVE-2013-3895 Clickjacking Vulnerability
2013-10-08 00:00:00
cvelist
cvelist
CVE-2013-3895
2013-10-09 14:44:00
openvas
openvas
Microsoft Office Web Apps Remote Code Execution vulnerability (2885089)
2013-10-09 00:00:00
Microsoft Office Services Remote Code Execution vulnerability (2885089)
2013-10-09 00:00:00
mskb
mskb
securityvulns
securityvulns
Microsoft Sharepoint security vulnerabilities
2013-10-09 00:00:00
nessus
nessus
6.7 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.165 Low
EPSS
Percentile
96.0%
Related for CVE-2013-3895