Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2011-1892
HistorySep 15, 2011 - 12:26 p.m.

CVE-2011-1892

2011-09-1512:26:48
CWE-200
[email protected]
web.nvd.nist.gov
8

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.089

Percentile

94.6%

JSON

Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka β€œSharePoint Remote File Disclosure Vulnerability.”

Affected configurations

Nvd
Node
microsoftforms_serverMatch2007sp2x32
OR
microsoftforms_serverMatch2007sp2x64
OR
microsoftgrooveMatch2007sp2
OR
microsoftgroove_data_bridge_serverMatch2007sp2
OR
microsoftgroove_management_serverMatch2007sp2
OR
microsoftgroove_serverMatch2010
OR
microsoftgroove_serverMatch2010sp1
OR
microsoftoffice_web_appsMatch2010
OR
microsoftoffice_web_appsMatch2010sp1
OR
microsoftsharepoint_foundationMatch2010
OR
microsoftsharepoint_serverMatch2007sp2x32
OR
microsoftsharepoint_serverMatch2007sp2x64
OR
microsoftsharepoint_serverMatch2010
OR
microsoftsharepoint_serverMatch2010sp1
OR
microsoftsharepoint_servicesMatch3.0sp2x32
OR
microsoftsharepoint_servicesMatch3.0sp2x64
OR
microsoftsharepoint_workspaceMatch2010x32
OR
microsoftsharepoint_workspaceMatch2010x64
OR
microsoftsharepoint_workspaceMatch2010sp1x32
OR
microsoftsharepoint_workspaceMatch2010sp1x64
VendorProductVersionCPE
microsoftforms_server2007cpe:2.3:a:microsoft:forms_server:2007:sp2:x32:*:*:*:*:*
microsoftforms_server2007cpe:2.3:a:microsoft:forms_server:2007:sp2:x64:*:*:*:*:*
microsoftgroove2007cpe:2.3:a:microsoft:groove:2007:sp2:*:*:*:*:*:*
microsoftgroove_data_bridge_server2007cpe:2.3:a:microsoft:groove_data_bridge_server:2007:sp2:*:*:*:*:*:*
microsoftgroove_management_server2007cpe:2.3:a:microsoft:groove_management_server:2007:sp2:*:*:*:*:*:*
microsoftgroove_server2010cpe:2.3:a:microsoft:groove_server:2010:*:*:*:*:*:*:*
microsoftgroove_server2010cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*
microsoftoffice_web_apps2010cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*
microsoftsharepoint_foundation2010cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*
Rows per page:
1-10 of 201

Related

securityvulns 2
cvelist 1
exploitdb 1
prion 1
checkpoint_advisories 1
exploitpack 1
packetstorm 1
seebug 2
cve 1
zdt 1
nessus 1
openvas 2
mskb 1
securityvulns
securityvulns
XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke
2011-09-20 00:00:00
Microsoft Sharepoint multiple security vulnerabilities
2011-09-20 00:00:00
cvelist
cvelist
CVE-2011-1892
2011-09-15 10:00:00
exploitdb
exploitdb
SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)
2011-09-20 00:00:00
prion
prion
Arbitrary file deletion
2011-09-15 12:26:00
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Server XML Rollup Information Disclosure (MS11-074; CVE-2011-1892)
2011-09-13 00:00:00
exploitpack
exploitpack
SharePoint 20072010 and DotNetNuke 6 - File Disclosure (via XEE)
2011-09-20 00:00:00
packetstorm
packetstorm
SharePoint 2007 / 2010 And DotNetNuke File Disclosure
2011-09-21 00:00:00
seebug
seebug
SharePoint 2007/2010 and DotNetNuke < 6 - File disclosure via XEE
2014-07-01 00:00:00
Microsoft SharePoint XMLε€„η†θΏœη¨‹ζ–‡δ»Άζ³„ιœ²ζΌζ΄ž
2011-10-21 00:00:00
cve
cve
CVE-2011-1892
2011-09-15 12:26:48
zdt
zdt
File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6
2011-09-19 00:00:00
nessus
nessus
MS11-074: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
2011-09-14 00:00:00
openvas
openvas
Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
2011-09-14 00:00:00
Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
2011-09-14 00:00:00
mskb
mskb
MS11-074: Vulnerabilities in Microsoft SharePoint could allow elevation of privilege: September 13, 2011
2011-09-13 00:00:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.089

Percentile

94.6%

JSON
Related for NVD:CVE-2011-1892
securityvulns2cvelist1exploitdb1prion1checkpoint_advisories1exploitpack1packetstorm1seebug2cve1zdt1nessus1openvas2mskb1