Lucene search

PRIOn knowledge basePRION:CVE-2012-1860

HistoryJul 10, 2012 - 9:55 p.m.

Design/Logic Flaw

2012-07-1021:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

64.6%

JSON

Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka “SharePoint Search Scope Vulnerability.”

CPENameOperatorVersion
office_web_appseq2010
office_web_appseq2010 sp1
sharepoint_servereq2007 sp3
sharepoint_servereq2007 sp2
sharepoint_servereq2010 sp1
sharepoint_servereq2007 sp1
sharepoint_servereq2010

Name	Operator	Version
office_web_apps	eq	2010
office_web_apps	eq	2010 sp1
sharepoint_server	eq	2007 sp3
sharepoint_server	eq	2007 sp2
sharepoint_server	eq	2010 sp1
sharepoint_server	eq	2007 sp1
sharepoint_server	eq	2010

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265

6.8 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

64.6%

JSON

Related for PRION:CVE-2012-1860