Kaspersky LabKLA10561KLA10561 Code injection vulnerability in Microsoft Sharepoint
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.15 Low
EPSS
Percentile
95.7%
Detect date:
04/14/2015
Severity:
Warning
Description:
An XSS vulnerabilities were found in Microsoft Sharepoint. By exploiting these vulnerabilities malicious users can inject arbitrary scripts. These vulnerabilities can be exploited remotely via a specially designed request.
Affected products:
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
MS15-036
CVE-2015-1653
CVE-2015-1640
Impacts:
CI
Related products:
CVE-IDS:
CVE-2015-16534.3Warning
CVE-2015-16404.3Warning
Microsoft official advisories:
KB list:
References
support.microsoft.com/kb/2965219
support.microsoft.com/kb/2965278
support.microsoft.com/kb/2965302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1640
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1653
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1640
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-1653
statistics.securelist.com/vulnerability-scan/month
technet.microsoft.com/en-us/library/security/ms15-036
threats.kaspersky.com/en/product/Microsoft-Sharepoint-Server/
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.15 Low
EPSS
Percentile
95.7%