Vulnerabilites related to microsoft - sharepoint_foundation
CVE-2015-2522 (GCVE-0-2015-2522)
Vulnerability from cvelistv5
Published
2015-09-09 00:00
Modified
2024-08-06 05:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | x_refsource_CONFIRM | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1033489 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:17:27.291Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { name: "MS15-099", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099", }, { name: "1033489", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033489", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-09-08T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka \"Microsoft SharePoint XSS Spoofing Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { name: "MS15-099", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099", }, { name: "1033489", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033489", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-2522", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka \"Microsoft SharePoint XSS Spoofing Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { name: "MS15-099", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099", }, { name: "1033489", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033489", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-2522", datePublished: "2015-09-09T00:00:00", dateReserved: "2015-03-19T00:00:00", dateUpdated: "2024-08-06T05:17:27.291Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-1717 (GCVE-0-2021-1717)
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1717 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.470Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1717", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:45.321Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1717", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1717", datePublished: "2021-01-12T19:42:45", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:45.321Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-34519 (GCVE-0-2021-34519)
Vulnerability from cvelistv5
Published
2021-07-14 17:54
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-830/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5188.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.375Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-830/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5188.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5363.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5363.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:42.155Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-830/", }, ], title: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34519", datePublished: "2021-07-14T17:54:34", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8572 (GCVE-0-2018-8572)
Vulnerability from cvelistv5
Published
2018-11-14 01:00
Modified
2024-08-05 07:02
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105831 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server |
Version: 2019 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:25.886Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105831", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105831", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2016", }, { status: "affected", version: "Foundation 2013 Service Pack 1", }, ], }, ], datePublic: "2018-11-13T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-14T10:57:02", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "105831", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105831", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8572", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2016", }, { version_value: "Foundation 2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "105831", refsource: "BID", url: "http://www.securityfocus.com/bid/105831", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8572", datePublished: "2018-11-14T01:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T07:02:25.886Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-43242 (GCVE-0-2021-43242)
Vulnerability from cvelistv5
Published
2021-12-15 14:15
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5254.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:55:27.377Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5254.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10381.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:44.193Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-43242", datePublished: "2021-12-15T14:15:23", dateReserved: "2021-11-02T00:00:00", dateUpdated: "2024-08-04T03:55:27.377Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1443 (GCVE-0-2020-1443)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.331Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:45", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1443", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1443", datePublished: "2020-07-14T22:54:45", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0778 (GCVE-0-2019-0778)
Vulnerability from cvelistv5
Published
2019-04-09 02:06
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.099Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], datePublic: "2019-03-12T00:00:00", descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Tampering", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-09T02:06:22", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0778", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Tampering", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0778", datePublished: "2019-04-09T02:06:22", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.099Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-0144 (GCVE-0-2012-0144)
Vulnerability from cvelistv5
Published
2012-02-14 22:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-045A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:16:18.957Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-045A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14386", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386", }, { name: "MS12-011", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-02-14T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in themeweb.aspx Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-045A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14386", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386", }, { name: "MS12-011", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-0144", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in themeweb.aspx Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-045A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14386", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386", }, { name: "MS12-011", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-0144", datePublished: "2012-02-14T22:00:00", dateReserved: "2011-12-13T00:00:00", dateUpdated: "2024-08-06T18:16:18.957Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-8745 (GCVE-0-2017-8745)
Vulnerability from cvelistv5
Published
2017-09-13 01:00
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100753 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft SharePoint Foundation 2013 Service Pack 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:48:21.909Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "100753", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/100753", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft SharePoint Foundation 2013 Service Pack 1", }, ], }, ], datePublic: "2017-09-12T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Cross Site Scripting Vulnerability\".", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-13T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "100753", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/100753", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2017-09-12T00:00:00", ID: "CVE-2017-8745", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft SharePoint Foundation 2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Cross Site Scripting Vulnerability\".", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "100753", refsource: "BID", url: "http://www.securityfocus.com/bid/100753", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-8745", datePublished: "2017-09-13T01:00:00Z", dateReserved: "2017-05-03T00:00:00", dateUpdated: "2024-09-17T00:16:20.906Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-24472 (GCVE-0-2022-24472)
Vulnerability from cvelistv5
Published
2022-04-15 19:02
Modified
2025-01-02 18:51
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5305.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-24472", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T16:33:28.685691Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-01T16:33:40.461Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T04:13:55.687Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5305.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10385.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20196", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5305.1000", status: "affected", version: "16.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5441.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5305.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10385.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20196", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5305.1000", versionStartIncluding: "16.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5441.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-04-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:51:46.205Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24472", datePublished: "2022-04-15T19:02:57", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T18:51:46.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-1289 (GCVE-0-2013-1289)
Vulnerability from cvelistv5
Published
2013-04-09 22:00
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/ncas/alerts/TA13-100A | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:04.654Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA13-100A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { name: "oval:org.mitre.oval:def:16599", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, { name: "MS13-035", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-04-09T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA13-100A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { name: "oval:org.mitre.oval:def:16599", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, { name: "MS13-035", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-1289", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA13-100A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { name: "oval:org.mitre.oval:def:16599", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, { name: "MS13-035", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-1289", datePublished: "2013-04-09T22:00:00", dateReserved: "2013-01-12T00:00:00", dateUpdated: "2024-08-06T14:57:04.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1103 (GCVE-0-2020-1103)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:53:07", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1103", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1103", datePublished: "2020-05-21T22:53:08", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0136 (GCVE-0-2016-0136)
Vulnerability from cvelistv5
Published
2016-04-12 23:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | vendor-advisory, x_refsource_MS | |
| https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224 | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securitytracker.com/id/1035525 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1035524 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:08:13.504Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-042", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042", }, { name: "20160412 Microsoft Excel Uninitialized Pointer Memory Corruption Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred", ], url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224", }, { name: "1035525", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035525", }, { name: "1035524", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035524", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-042", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042", }, { name: "20160412 Microsoft Excel Uninitialized Pointer Memory Corruption Vulnerability", tags: [ "third-party-advisory", "x_refsource_IDEFENSE", ], url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224", }, { name: "1035525", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035525", }, { name: "1035524", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035524", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-0136", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-042", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042", }, { name: "20160412 Microsoft Excel Uninitialized Pointer Memory Corruption Vulnerability", refsource: "IDEFENSE", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224", }, { name: "1035525", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035525", }, { name: "1035524", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035524", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-0136", datePublished: "2016-04-12T23:00:00", dateReserved: "2015-12-04T00:00:00", dateUpdated: "2024-08-05T22:08:13.504Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1036 (GCVE-0-2019-1036)
Vulnerability from cvelistv5
Published
2019-06-12 13:49
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Project Server |
Version: 2010 Service Pack 2 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Project Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-12T13:49:40", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1036", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Project Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1036", datePublished: "2019-06-12T13:49:40", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:06:31.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0972 (GCVE-0-2020-0972)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.648Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:13:09", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0972", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0972", datePublished: "2020-04-15T15:13:09", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-34467 (GCVE-0-2021-34467)
Vulnerability from cvelistv5
Published
2021-07-16 20:19
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34467 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5188.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.210Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34467", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5188.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10376.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5363.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:40.612Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34467", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34467", datePublished: "2021-07-16T20:19:53", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16952 (GCVE-0-2020-16952)
Vulnerability from cvelistv5
Published
2020-10-16 22:18
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:20:22.131Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.html", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16952", datePublished: "2020-10-16T22:18:03", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31965 (GCVE-0-2021-31965)
Vulnerability from cvelistv5
Published
2021-06-08 22:46
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5173.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:31.457Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5173.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10375.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-06-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:55:36.219Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965", }, ], title: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31965", datePublished: "2021-06-08T22:46:31", dateReserved: "2021-04-30T00:00:00", dateUpdated: "2024-08-03T23:10:31.457Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1295 (GCVE-0-2019-1295)
Vulnerability from cvelistv5
Published
2019-09-11 21:25
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.374Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-11T21:25:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1295", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1295", datePublished: "2019-09-11T21:25:01", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-44690 (GCVE-0-2022-44690)
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-01-02 21:36
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 5373.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:54:04.053Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "5373.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5511.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "10393.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "15601.20316", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5511.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "5373.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "5511.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "10393.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "15601.20316", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "5511.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-12-13T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:36:43.458Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-44690", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2025-01-02T21:36:43.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1106 (GCVE-0-2020-1106)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2025-02-28 20:32
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106 | x_refsource_MISC | |
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1106", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:32:39.674458Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:32:51.980Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-23T14:06:05.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106", }, { tags: [ "x_refsource_MISC", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1106", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106", }, { name: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106", refsource: "MISC", url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1106", datePublished: "2020-05-21T22:53:09.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:32:51.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8252 (GCVE-0-2018-8252)
Vulnerability from cvelistv5
Published
2018-06-14 12:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104317 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041106 | vdb-entry, x_refsource_SECTRACK | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint |
Version: Enterprise Server 2016 Version: Foundation 2013 Service Pack 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.813Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104317", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104317", }, { name: "1041106", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041106", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2016", }, { status: "affected", version: "Foundation 2013 Service Pack 1", }, ], }, ], datePublic: "2018-06-14T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "104317", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104317", }, { name: "1041106", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041106", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8252", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2016", }, { version_value: "Foundation 2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "104317", refsource: "BID", url: "http://www.securityfocus.com/bid/104317", }, { name: "1041106", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041106", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8252", datePublished: "2018-06-14T12:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:46:13.813Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1653 (GCVE-0-2015-1653)
Vulnerability from cvelistv5
Published
2015-04-14 20:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032111 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:47:17.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1032111", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032111", }, { name: "MS15-036", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-04-14T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1032111", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032111", }, { name: "MS15-036", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-1653", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1032111", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032111", }, { name: "MS15-036", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-1653", datePublished: "2015-04-14T20:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:47:17.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1595 (GCVE-0-2020-1595)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-11-18 16:16
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.503Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-1595", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-10T18:51:10.715822Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:16:36.616Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 9.9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:35:01.352Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1595", datePublished: "2020-09-11T17:09:27", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-11-18T16:16:36.616Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-1315 (GCVE-0-2013-1315)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:04.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:18950", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, { name: "MS13-073", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { name: "oval:org.mitre.oval:def:18333", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { name: "oval:org.mitre.oval:def:18543", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:18950", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, { name: "MS13-073", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { name: "oval:org.mitre.oval:def:18333", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { name: "oval:org.mitre.oval:def:18543", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-1315", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:18950", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, { name: "MS13-073", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { name: "oval:org.mitre.oval:def:18333", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { name: "oval:org.mitre.oval:def:18543", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-1315", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-01-12T00:00:00", dateUpdated: "2024-08-06T14:57:04.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-0081 (GCVE-0-2013-0081)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:10:56.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:19036", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka \"SharePoint Denial of Service Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:19036", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-0081", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka \"SharePoint Denial of Service Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:19036", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-0081", datePublished: "2013-09-11T10:00:00", dateReserved: "2012-11-27T00:00:00", dateUpdated: "2024-08-06T14:10:56.674Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1575 (GCVE-0-2020-1575)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Foundation 2013 Service Pack 1 |
Version: 15.0.0 < publication cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:* |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.556Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:12.531Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1575", datePublished: "2020-09-11T17:09:23", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17061 (GCVE-0-2020-17061)
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-11-15 16:11
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.292Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-17061", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:11:24.985385Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T16:11:35.722Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:52:00.496Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17061", datePublished: "2020-11-11T06:48:22", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-11-15T16:11:35.722Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-1859 (GCVE-0-2012-1859)
Vulnerability from cvelistv5
Published
2012-07-10 21:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-192A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:08:38.735Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15589", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"XSS scriptresx.ashx Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15589", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-1859", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"XSS scriptresx.ashx Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-192A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15589", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-1859", datePublished: "2012-07-10T21:00:00", dateReserved: "2012-03-22T00:00:00", dateUpdated: "2024-08-06T19:08:38.735Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-35823 (GCVE-0-2022-35823)
Vulnerability from cvelistv5
Published
2022-09-13 00:00
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:44:22.096Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:13.222Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-35823", datePublished: "2022-09-13T00:00:00", dateReserved: "2022-07-13T00:00:00", dateUpdated: "2025-03-11T16:10:13.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0951 (GCVE-0-2019-0951)
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 Version: 2013 Service Pack 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T18:17:03", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0951", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0951", datePublished: "2019-05-16T18:17:03", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41037 (GCVE-0-2022-41037)
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-01-02 21:27
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41037 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5365.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.216Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41037", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5365.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10391.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20158", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5365.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10391.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20158", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:16.131Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41037", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41037", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:27:16.131Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-21837 (GCVE-0-2022-21837)
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21837 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5266.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21837", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5266.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10382.20004", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20714", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5415.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5266.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10382.20004", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20714", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5415.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:49.319Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21837", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21837", datePublished: "2022-01-11T20:22:17", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:49.319Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-1891 (GCVE-0-2011-1891)
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:45:59.933Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:12864", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864", }, { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-09-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka \"Contact Details Reflected XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:12864", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864", }, { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2011-1891", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka \"Contact Details Reflected XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:12864", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864", }, { name: "MS11-074", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "TA11-256A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2011-1891", datePublished: "2011-09-15T10:00:00", dateReserved: "2011-05-04T00:00:00", dateUpdated: "2024-08-06T22:45:59.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31966 (GCVE-0-2021-31966)
Vulnerability from cvelistv5
Published
2021-06-08 22:46
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5173.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:31.512Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5173.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10375.20000", status: "affected", version: "16.0.0", versionType: "custom", }, { lessThan: "15.0.5353.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-06-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:55:36.776Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31966", datePublished: "2021-06-08T22:46:32", dateReserved: "2021-04-30T00:00:00", dateUpdated: "2024-08-03T23:10:31.512Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17017 (GCVE-0-2020-17017)
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:51
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17017 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.890Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17017", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:51:42.247Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17017", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17017", datePublished: "2020-11-11T06:48:05", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:51:42.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0952 (GCVE-0-2019-0952)
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.566Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T18:17:03", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0952", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0952", datePublished: "2019-05-16T18:17:03", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1181 (GCVE-0-2020-1181)
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-694/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.187Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-694/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T20:06:08", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-694/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1181", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-20-694/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-20-694/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1181", datePublished: "2020-06-09T19:43:19", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.187Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-0251 (GCVE-0-2014-0251)
Vulnerability from cvelistv5
Published
2014-05-14 10:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1030227 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:39.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS14-022", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, { name: "1030227", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1030227", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-05-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka \"SharePoint Page Content Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS14-022", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, { name: "1030227", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1030227", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2014-0251", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka \"SharePoint Page Content Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS14-022", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, { name: "1030227", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030227", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2014-0251", datePublished: "2014-05-14T10:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:39.382Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1069 (GCVE-0-2020-1069)
Vulnerability from cvelistv5
Published
2020-05-21 22:52
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069 | x_refsource_MISC | |
| https://nvidia.custhelp.com/app/answers/detail/a_id/5147 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:00.849Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-25T22:06:11", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1069", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069", }, { name: "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", refsource: "CONFIRM", url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1069", datePublished: "2020-05-21T22:52:57", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:00.849Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-24071 (GCVE-0-2021-24071)
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:21:18.256Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:31.870Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-24071", datePublished: "2021-02-25T23:01:36", dateReserved: "2021-01-13T00:00:00", dateUpdated: "2024-08-03T19:21:18.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-21987 (GCVE-0-2022-21987)
Vulnerability from cvelistv5
Published
2022-02-09 16:36
Modified
2025-01-02 18:28
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21987 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5278.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.737Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21987", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5278.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10383.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20742", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5278.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10383.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20742", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-02-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:28:04.882Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21987", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21987", datePublished: "2022-02-09T16:36:34", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:28:04.882Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-1890 (GCVE-0-2011-1890)
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:45:59.957Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12788", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-09-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka \"Editform Script Injection Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12788", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2011-1890", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka \"Editform Script Injection Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS11-074", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12788", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788", }, { name: "TA11-256A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2011-1890", datePublished: "2011-09-15T10:00:00", dateReserved: "2011-05-04T00:00:00", dateUpdated: "2024-08-06T22:45:59.957Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-38651 (GCVE-0-2021-38651)
Vulnerability from cvelistv5
Published
2021-09-15 11:24
Modified
2024-08-04 01:51
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38651 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 5215.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:51:18.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38651", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "5215.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "10378.20002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5381.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-09-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:37:27.998Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38651", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-38651", datePublished: "2021-09-15T11:24:10", dateReserved: "2021-08-13T00:00:00", dateUpdated: "2024-08-04T01:51:18.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1633 (GCVE-0-2015-1633)
Vulnerability from cvelistv5
Published
2015-03-11 10:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1031895 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:47:17.352Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS15-022", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { name: "1031895", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031895", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-03-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS15-022", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { name: "1031895", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031895", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-1633", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS15-022", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { name: "1031895", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031895", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-1633", datePublished: "2015-03-11T10:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:47:17.352Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0963 (GCVE-0-2019-0963)
Vulnerability from cvelistv5
Published
2019-05-16 18:24
Modified
2025-02-28 20:13
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:29.963Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2019-0963", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T17:32:58.604706Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:13:27.094Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T18:24:57.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0963", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0963", datePublished: "2019-05-16T18:24:57.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-28T20:13:27.094Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-27076 (GCVE-0-2021-27076)
Vulnerability from cvelistv5
Published
2021-03-11 15:50
Modified
2024-11-19 16:09
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-276/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.268Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-276/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-27076", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-09T16:23:17.145107Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T16:09:37.622Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:business_productivity_servers:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Business Productivity Servers 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:09:29.800Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-276/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-27076", datePublished: "2021-03-11T15:50:53", dateReserved: "2021-02-10T00:00:00", dateUpdated: "2024-11-19T16:09:37.622Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1257 (GCVE-0-2019-1257)
Vulnerability from cvelistv5
Published
2019-09-11 21:24
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:29.783Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-11T21:24:59", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1257", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1257", datePublished: "2019-09-11T21:24:59", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:29.783Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-3357 (GCVE-0-2016-3357)
Vulnerability from cvelistv5
Published
2016-09-14 10:00
Modified
2024-08-05 23:56
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/92786 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036785 | vdb-entry, x_refsource_SECTRACK | |
| https://www.exploit-db.com/exploits/40406/ | exploit, x_refsource_EXPLOIT-DB | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:56:12.987Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "92786", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/92786", }, { name: "1036785", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036785", }, { name: "40406", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/40406/", }, { name: "MS16-107", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-09-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "92786", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/92786", }, { name: "1036785", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036785", }, { name: "40406", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/40406/", }, { name: "MS16-107", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-3357", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "92786", refsource: "BID", url: "http://www.securityfocus.com/bid/92786", }, { name: "1036785", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036785", }, { name: "40406", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/40406/", }, { name: "MS16-107", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-3357", datePublished: "2016-09-14T10:00:00", dateReserved: "2016-03-15T00:00:00", dateUpdated: "2024-08-05T23:56:12.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-28478 (GCVE-0-2021-28478)
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-28 20:57
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5161.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:31.781Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-28478", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:53.827547Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290 Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:57:19.987Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5161.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10374.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5345.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:57:10.504Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28478", datePublished: "2021-05-11T19:11:17.000Z", dateReserved: "2021-03-15T00:00:00.000Z", dateUpdated: "2025-02-28T20:57:19.987Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0924 (GCVE-0-2020-0924)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:10
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.465Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-0924", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:14:10.764859Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:10:53.983Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:49.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0924", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0924", datePublished: "2020-04-15T15:12:49.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:10:53.983Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-0084 (GCVE-0-2013-0084)
Vulnerability from cvelistv5
Published
2013-03-13 00:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-071A | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:07.771Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-024", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16445", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-12T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"SharePoint Directory Traversal Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-024", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16445", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-0084", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"SharePoint Directory Traversal Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-024", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16445", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-0084", datePublished: "2013-03-13T00:00:00", dateReserved: "2012-11-27T00:00:00", dateUpdated: "2024-08-06T14:18:07.771Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0925 (GCVE-0-2020-0925)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:10
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-0925", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:07:37.857363Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:10:34.885Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:49.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0925", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0925", datePublished: "2020-04-15T15:12:49.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:10:34.885Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-38053 (GCVE-0-2022-38053)
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-01-02 21:27
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38053 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5365.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:45:52.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38053", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5365.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10391.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20158", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5365.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10391.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20158", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:43.749Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38053", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-38053", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-01-02T21:27:43.749Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1482 (GCVE-0-2020-1482)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:59.064Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1482", datePublished: "2020-09-11T17:09:19", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.324Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-34520 (GCVE-0-2021-34520)
Vulnerability from cvelistv5
Published
2021-07-14 17:54
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-828/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5188.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.377Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-828/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5188.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10376.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5363.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:43.137Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-828/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34520", datePublished: "2021-07-14T17:54:35", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.377Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-6117 (GCVE-0-2015-6117)
Vulnerability from cvelistv5
Published
2016-01-13 02:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2016-0011.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034653 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:15:12.916Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-004", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, { name: "1034653", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034653", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka \"Microsoft SharePoint Security Feature Bypass,\" a different vulnerability than CVE-2016-0011.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-004", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, { name: "1034653", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034653", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-6117", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka \"Microsoft SharePoint Security Feature Bypass,\" a different vulnerability than CVE-2016-0011.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-004", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, { name: "1034653", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034653", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-6117", datePublished: "2016-01-13T02:00:00", dateReserved: "2015-08-14T00:00:00", dateUpdated: "2024-08-06T07:15:12.916Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-24066 (GCVE-0-2021-24066)
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:21:17.281Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:29.351Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-24066", datePublished: "2021-02-25T23:01:33", dateReserved: "2021-01-13T00:00:00", dateUpdated: "2024-08-03T19:21:17.281Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1262 (GCVE-0-2019-1262)
Vulnerability from cvelistv5
Published
2019-09-11 21:24
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:29.681Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154591/Microsoft-SharePoint-2013-SP1-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-24T18:06:16", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154591/Microsoft-SharePoint-2013-SP1-Cross-Site-Scripting.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1262", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262", }, { name: "http://packetstormsecurity.com/files/154591/Microsoft-SharePoint-2013-SP1-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154591/Microsoft-SharePoint-2013-SP1-Cross-Site-Scripting.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1262", datePublished: "2019-09-11T21:24:59", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:29.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-1893 (GCVE-0-2011-1893)
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:46:00.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12676", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-09-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12676", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2011-1893", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS11-074", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12676", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676", }, { name: "TA11-256A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2011-1893", datePublished: "2011-09-15T10:00:00", dateReserved: "2011-05-04T00:00:00", dateUpdated: "2024-08-06T22:46:00.833Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31181 (GCVE-0-2021-31181)
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-28 20:29
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5161.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:53.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-573/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-31181", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:29:08.328520Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:29:15.430Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://packetstorm.news/files/id/163208", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5161.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10374.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5345.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:56:56.829Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-573/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.html", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31181", datePublished: "2021-05-11T19:11:30.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-02-28T20:29:15.430Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-38008 (GCVE-0-2022-38008)
Vulnerability from cvelistv5
Published
2022-09-13 18:42
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:37:42.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:13.977Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-38008", datePublished: "2022-09-13T18:42:17", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-03-11T16:10:13.977Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0670 (GCVE-0-2019-0670)
Vulnerability from cvelistv5
Published
2019-03-06 00:00
Modified
2024-08-04 17:51
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106900 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:51:27.294Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106900", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106900", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], datePublic: "2019-03-05T00:00:00", descriptions: [ { lang: "en", value: "A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-06T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "106900", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106900", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0670", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "106900", refsource: "BID", url: "http://www.securityfocus.com/bid/106900", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0670", datePublished: "2019-03-06T00:00:00", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:51:27.294Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0931 (GCVE-0-2020-0931)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.608Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft Business Productivity Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:52", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0931", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2013 Service Pack 1", }, { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft Business Productivity Servers", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0931", datePublished: "2020-04-15T15:12:52", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.608Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-40484 (GCVE-0-2021-40484)
Vulnerability from cvelistv5
Published
2021-10-13 00:27
Modified
2024-08-04 02:44
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40484 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5227.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-40484", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-25T16:03:51.642907Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-25T16:04:01.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T02:44:10.358Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40484", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5227.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10379.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5389.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:33.383Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40484", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-40484", datePublished: "2021-10-13T00:27:34", dateReserved: "2021-09-02T00:00:00", dateUpdated: "2024-08-04T02:44:10.358Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0971 (GCVE-0-2020-0971)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1398/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-12-04T19:06:10", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0971", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0971", datePublished: "2020-04-15T15:13:09", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.641Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-1330 (GCVE-0-2013-1330)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 14:57
Severity ?
EPSS score ?
Summary
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:57:05.091Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:19040", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, { name: "MS13-105", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka \"MAC Disabled Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:19040", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, { name: "MS13-105", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-1330", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka \"MAC Disabled Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:19040", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, { name: "MS13-105", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-1330", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-01-12T00:00:00", dateUpdated: "2024-08-06T14:57:05.091Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31950 (GCVE-0-2021-31950)
Vulnerability from cvelistv5
Published
2021-06-08 22:46
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5173.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:31.396Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5173.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10375.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-06-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:55:42.791Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31950", datePublished: "2021-06-08T22:46:21", dateReserved: "2021-04-30T00:00:00", dateUpdated: "2024-08-03T23:10:31.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1202 (GCVE-0-2019-1202)
Vulnerability from cvelistv5
Published
2019-08-14 20:55
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.
To exploit this vulnerability, the attacker could run a specially crafted application.
The security update corrects how SharePoint handles session objects to prevent user session hijacking.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:29.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2019-08-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.\nTo exploit this vulnerability, the attacker could run a specially crafted application.\nThe security update corrects how SharePoint handles session objects to prevent user session hijacking.\n", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:51:03.133Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202", }, ], title: "SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1202", datePublished: "2019-08-14T20:55:05", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:29.131Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0933 (GCVE-0-2020-0933)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:09
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.555Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-0933", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:06:33.319279Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:09:34.274Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:53.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0933", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0933", datePublished: "2020-04-15T15:12:53.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:09:34.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1033 (GCVE-0-2019-1033)
Vulnerability from cvelistv5
Published
2019-06-12 13:49
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Project Server |
Version: 2010 Service Pack 2 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Project Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-12T13:49:40", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1033", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Project Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1033", datePublished: "2019-06-12T13:49:40", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:06:31.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-28288 (GCVE-0-2023-28288)
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-02-28 21:12
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5391.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:23.849Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/173126/Microsoft-SharePoint-Enterprise-Server-2016-Spoofing.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28288", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:22:34.137105Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:12:06.832Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5391.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5545.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10397.20002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20314", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5545.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5391.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5545.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10397.20002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20314", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5545.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:04:43.398Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28288", datePublished: "2023-04-11T19:13:18.266Z", dateReserved: "2023-03-13T22:23:36.186Z", dateUpdated: "2025-02-28T21:12:06.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1320 (GCVE-0-2020-1320)
Vulnerability from cvelistv5
Published
2020-06-09 19:44
Modified
2025-02-28 20:06
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:32:00.520Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1320", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:11:13.592299Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:06:19.502Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:44:07.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1320", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1320", datePublished: "2020-06-09T19:44:07.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:06:19.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-1726 (GCVE-0-2021-1726)
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 16:18
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:27.763Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1726", datePublished: "2021-02-25T23:01:28", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-08-03T16:18:11.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-1861 (GCVE-0-2012-1861)
Vulnerability from cvelistv5
Published
2012-07-10 21:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-192A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:08:38.567Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15544", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Script in Username Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15544", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-1861", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Script in Username Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-192A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15544", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-1861", datePublished: "2012-07-10T21:00:00", dateReserved: "2012-03-22T00:00:00", dateUpdated: "2024-08-06T19:08:38.567Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-2520 (GCVE-0-2012-2520)
Vulnerability from cvelistv5
Published
2012-10-09 21:00
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55797 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.securitytracker.com/id?1027628 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1027626 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1027629 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1027627 | vdb-entry, x_refsource_SECTRACK | |
| http://www.us-cert.gov/cas/techalerts/TA12-283A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id?1027625 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:34:25.841Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "55797", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/55797", }, { name: "oval:org.mitre.oval:def:14976", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, { name: "1027628", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027628", }, { name: "1027626", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027626", }, { name: "1027629", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027629", }, { name: "1027627", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027627", }, { name: "TA12-283A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-066", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { name: "1027625", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-10-09T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "55797", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/55797", }, { name: "oval:org.mitre.oval:def:14976", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, { name: "1027628", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027628", }, { name: "1027626", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027626", }, { name: "1027629", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027629", }, { name: "1027627", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027627", }, { name: "TA12-283A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-066", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { name: "1027625", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-2520", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "55797", refsource: "BID", url: "http://www.securityfocus.com/bid/55797", }, { name: "oval:org.mitre.oval:def:14976", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, { name: "1027628", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027628", }, { name: "1027626", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027626", }, { name: "1027629", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027629", }, { name: "1027627", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027627", }, { name: "TA12-283A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { name: "MS12-066", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { name: "1027625", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1027625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-2520", datePublished: "2012-10-09T21:00:00", dateReserved: "2012-05-09T00:00:00", dateUpdated: "2024-08-06T19:34:25.841Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-1712 (GCVE-0-2021-1712)
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1712 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1712", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:30.346Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1712", }, ], title: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1712", datePublished: "2021-01-12T19:42:41", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:30.346Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-41344 (GCVE-0-2021-41344)
Vulnerability from cvelistv5
Published
2021-10-13 00:28
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1224/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5227.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:08:32.204Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1224/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5227.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10379.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5389.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:16.202Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1224/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-41344", datePublished: "2021-10-13T00:28:03", dateReserved: "2021-09-17T00:00:00", dateUpdated: "2024-08-04T03:08:32.204Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0958 (GCVE-0-2019-0958)
Vulnerability from cvelistv5
Published
2019-05-16 18:24
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.918Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T18:24:56", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0958", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0958", datePublished: "2019-05-16T18:24:56", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1501 (GCVE-0-2020-1501)
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.403Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:03.488Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501", }, ], title: "Microsoft SharePoint Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1501", datePublished: "2020-08-17T19:13:17", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.403Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3180 (GCVE-0-2013-3180)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:00:10.158Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:19136", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka \"POST XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:19136", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3180", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka \"POST XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:19136", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3180", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-04-17T00:00:00", dateUpdated: "2024-08-06T16:00:10.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-0085 (GCVE-0-2015-0085)
Vulnerability from cvelistv5
Published
2015-03-11 10:00
Modified
2024-08-06 03:55
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1031896 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:55:27.975Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1031896", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031896", }, { name: "MS15-022", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-03-10T00:00:00", descriptions: [ { lang: "en", value: "Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1031896", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031896", }, { name: "MS15-022", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-0085", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1031896", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031896", }, { name: "MS15-022", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-0085", datePublished: "2015-03-11T10:00:00", dateReserved: "2014-11-18T00:00:00", dateUpdated: "2024-08-06T03:55:27.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-38652 (GCVE-0-2021-38652)
Vulnerability from cvelistv5
Published
2021-09-15 11:24
Modified
2024-08-04 01:51
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38652 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 5215.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:51:18.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38652", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "5215.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5381.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-09-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T19:37:28.530Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38652", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-38652", datePublished: "2021-09-15T11:24:11", dateReserved: "2021-08-13T00:00:00", dateUpdated: "2024-08-04T01:51:18.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1636 (GCVE-0-2015-1636)
Vulnerability from cvelistv5
Published
2015-03-11 10:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1031895 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:47:17.483Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS15-022", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { name: "1031895", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031895", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-03-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS15-022", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { name: "1031895", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031895", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-1636", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS15-022", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { name: "1031895", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031895", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-1636", datePublished: "2015-03-11T10:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:47:17.483Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31964 (GCVE-0-2021-31964)
Vulnerability from cvelistv5
Published
2021-06-08 22:46
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5173.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-31964", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-25T16:06:02.787898Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-25T16:06:11.796Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T23:10:31.415Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5173.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10375.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-06-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:55:35.669Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31964", datePublished: "2021-06-08T22:46:30", dateReserved: "2021-04-30T00:00:00", dateUpdated: "2024-08-03T23:10:31.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-1641 (GCVE-0-2021-1641)
Vulnerability from cvelistv5
Published
2021-01-12 19:41
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1641 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:10.874Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1641", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:01.462Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1641", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1641", datePublished: "2021-01-12T19:41:57", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:01.462Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31963 (GCVE-0-2021-31963)
Vulnerability from cvelistv5
Published
2021-06-08 22:46
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5173.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:31.317Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5173.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10375.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-06-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:55:35.134Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31963", datePublished: "2021-06-08T22:46:30", dateReserved: "2021-04-30T00:00:00", dateUpdated: "2024-08-03T23:10:31.317Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1101 (GCVE-0-2020-1101)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2025-02-28 20:07
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:00.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1101", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:12:21.873962Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:07:50.562Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:53:07.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1101", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1101", datePublished: "2020-05-21T22:53:07.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:07:50.562Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16944 (GCVE-0-2020-16944)
Vulnerability from cvelistv5
Published
2020-10-16 22:17
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p>
<p>An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions, delete content, steal sensitive information (such as browser cookies) and inject malicious content in the browser of the victim.</p>
<p>For this vulnerability to be exploited, a user must click a specially crafted URL that takes the user to a targeted SharePoint Web App site.</p>
<p>In an email attack scenario, an attacker could exploit the vulnerability by sending an email message containing the specially crafted URL to the user of the targeted SharePoint Web App site and convincing the user to click the specially crafted URL.</p>
<p>In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted URL to the targeted SharePoint Web App site that is used to attempt to exploit these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an instant messenger or email message that takes them to the attacker's website, and then convince them to click the specially crafted URL.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16944 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.710Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16944", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p>\n<p>An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions, delete content, steal sensitive information (such as browser cookies) and inject malicious content in the browser of the victim.</p>\n<p>For this vulnerability to be exploited, a user must click a specially crafted URL that takes the user to a targeted SharePoint Web App site.</p>\n<p>In an email attack scenario, an attacker could exploit the vulnerability by sending an email message containing the specially crafted URL to the user of the targeted SharePoint Web App site and convincing the user to click the specially crafted URL.</p>\n<p>In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted URL to the targeted SharePoint Web App site that is used to attempt to exploit these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an instant messenger or email message that takes them to the attacker's website, and then convince them to click the specially crafted URL.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:20:18.601Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16944", }, ], title: "Microsoft SharePoint Reflective XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16944", datePublished: "2020-10-16T22:17:59", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.710Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1443 (GCVE-0-2019-1443)
Vulnerability from cvelistv5
Published
2019-11-12 18:53
Modified
2024-08-04 18:20
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:20:28.368Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-12T18:53:17", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1443", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1443", datePublished: "2019-11-12T18:53:17", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:20:28.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-29108 (GCVE-0-2022-29108)
Vulnerability from cvelistv5
Published
2022-05-10 20:34
Modified
2025-01-02 18:58
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5317.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:59.392Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29108", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5317.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10386.20011", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20286", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5449.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5317.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10386.20011", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20286", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5449.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-05-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:58:05.719Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-29108", datePublished: "2022-05-10T20:34:11", dateReserved: "2022-04-12T00:00:00", dateUpdated: "2025-01-02T18:58:05.719Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1198 (GCVE-0-2020-1198)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-11-18 16:24
Severity ?
EPSS score ?
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.322Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-1198", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-10T18:38:43.972611Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:24:54.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:48.814Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1198", datePublished: "2020-09-11T17:09:06", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-11-18T16:24:54.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1025 (GCVE-0-2020-1025)
Vulnerability from cvelistv5
Published
2020-07-14 22:53
Modified
2024-08-04 06:24
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Skype for Business Server 2019 CU2 |
Version: 7.0.0 < publication cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:* |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:24:59.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Skype for Business Server 2019 CU2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "7.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Skype for Business Server 2015 CU 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "2015 CU 8", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Lync Server 2013", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-07-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.\n", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-28T20:54:51.253Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025", }, ], title: "Microsoft Office Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1025", datePublished: "2020-07-14T22:53:56", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:24:59.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-44693 (GCVE-0-2022-44693)
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-01-02 21:36
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 5373.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:54:04.009Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "5373.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5511.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "10393.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "15601.20316", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "5511.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "5373.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "5511.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "10393.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "15601.20316", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "5511.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-12-13T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:36:45.215Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-44693", datePublished: "2022-12-13T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2025-01-02T21:36:45.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-26418 (GCVE-0-2021-26418)
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-28 20:57
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5161.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.286Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-26418", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:55.040134Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290 Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:57:40.798Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5161.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10374.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5345.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:57:11.010Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26418", datePublished: "2021-05-11T19:11:10.000Z", dateReserved: "2021-01-29T00:00:00.000Z", dateUpdated: "2025-02-28T20:57:40.798Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21742 (GCVE-0-2023-21742)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21742 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5378.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.867Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21742", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21742", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:34.987558Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:44.865Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5378.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5519.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10394.20021", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5519.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5378.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5519.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10394.20021", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5519.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:35:56.619Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21742", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21742", datePublished: "2023-01-10T00:00:00.000Z", dateReserved: "2022-12-13T00:00:00.000Z", dateUpdated: "2025-02-28T21:14:44.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1453 (GCVE-0-2020-1453)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:09.786Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:08.982Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1453", datePublished: "2020-09-11T17:09:17", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:09.786Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1205 (GCVE-0-2020-1205)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
<p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:58.141Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:49.802Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205", }, ], title: "Microsoft SharePoint Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1205", datePublished: "2020-09-11T17:09:07", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:58.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1031 (GCVE-0-2019-1031)
Vulnerability from cvelistv5
Published
2019-06-12 13:49
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1032, CVE-2019-1033, CVE-2019-1036.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.538Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1032, CVE-2019-1033, CVE-2019-1036.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-12T13:49:40", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1031", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1032, CVE-2019-1033, CVE-2019-1036.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1031", datePublished: "2019-06-12T13:49:40", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:06:31.538Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0594 (GCVE-0-2019-0594)
Vulnerability from cvelistv5
Published
2019-03-06 00:00
Modified
2024-08-04 17:51
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106866 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server |
Version: 2010 Service Pack 2 Version: 2019 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:51:27.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594", }, { name: "106866", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106866", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], datePublic: "2019-03-05T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-06T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594", }, { name: "106866", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106866", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0594", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594", }, { name: "106866", refsource: "BID", url: "http://www.securityfocus.com/bid/106866", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0594", datePublished: "2019-03-06T00:00:00", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:51:27.045Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31173 (GCVE-0-2021-31173)
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-28 19:58
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5161.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:53.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-31173", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:51.199575Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T19:58:00.250Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5161.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10374.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5345.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:56:52.757Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173", }, ], title: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31173", datePublished: "2021-05-11T19:11:24.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-02-28T19:58:00.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8568 (GCVE-0-2018-8568)
Vulnerability from cvelistv5
Published
2018-11-14 01:00
Modified
2025-02-28 20:15
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105829 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1042136 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server |
Version: 2019 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:02:25.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105829", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105829", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568", }, { name: "1042136", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1042136", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2018-8568", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-22T19:17:40.828863Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:15:07.487Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2013 Service Pack 1", }, { status: "affected", version: "Enterprise Server 2016", }, ], }, ], datePublic: "2018-11-13T00:00:00.000Z", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-15T10:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "105829", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105829", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568", }, { name: "1042136", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1042136", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8568", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2013 Service Pack 1", }, { version_value: "Enterprise Server 2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "105829", refsource: "BID", url: "http://www.securityfocus.com/bid/105829", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568", }, { name: "1042136", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1042136", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8568", datePublished: "2018-11-14T01:00:00.000Z", dateReserved: "2018-03-14T00:00:00.000Z", dateUpdated: "2025-02-28T20:15:07.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-23395 (GCVE-0-2023-23395)
Vulnerability from cvelistv5
Published
2023-03-14 16:55
Modified
2025-02-28 20:05
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5387.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-23395", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:40.790597Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T20:05:17.961Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5387.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5537.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10396.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.16130.20166", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5537.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5387.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5537.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10396.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.16130.20166", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5537.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-03-14T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:48:06.509Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-23395", datePublished: "2023-03-14T16:55:27.140Z", dateReserved: "2023-01-11T22:08:03.136Z", dateUpdated: "2025-02-28T20:05:17.961Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1328 (GCVE-0-2019-1328)
Vulnerability from cvelistv5
Published
2019-10-10 13:28
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.284Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-10T13:28:41", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1328", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1328", datePublished: "2019-10-10T13:28:41", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.284Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0891 (GCVE-0-2020-0891)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2025-02-28 20:12
Severity ?
EPSS score ?
Summary
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.466Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-0891", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:15:04.753888Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:12:11.767Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:54.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0891", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0891", datePublished: "2020-03-12T15:48:54.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:12:11.767Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17015 (GCVE-0-2020-17015)
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:51
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17015 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.747Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17015", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:51:41.177Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17015", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17015", datePublished: "2020-11-11T06:48:04", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:51:41.177Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0281 (GCVE-0-2017-0281)
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 13:03
Severity ?
EPSS score ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98297 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016. |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T13:03:55.893Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, { name: "98297", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98297", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016.", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, { name: "98297", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98297", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0281", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016.", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, { name: "98297", refsource: "BID", url: "http://www.securityfocus.com/bid/98297", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0281", datePublished: "2017-05-12T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T13:03:55.893Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0978 (GCVE-0-2020-0978)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2025-02-28 20:08
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-0978", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:13:12.056412Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:08:51.160Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:13:12.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0978", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0978", datePublished: "2020-04-15T15:13:12.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:08:51.160Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31172 (GCVE-0-2021-31172)
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-28 20:56
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5161.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:52.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-31172", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:52.601324Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290 Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:56:57.473Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5161.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10374.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5345.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:56:52.245Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31172", datePublished: "2021-05-11T19:11:24.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-02-28T20:56:57.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1024 (GCVE-0-2020-1024)
Vulnerability from cvelistv5
Published
2020-05-21 22:52
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:00.625Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:52:47", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1024", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1024", datePublished: "2020-05-21T22:52:47", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:00.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1200 (GCVE-0-2020-1200)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:49.306Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1200", datePublished: "2020-09-11T17:09:06", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8299 (GCVE-0-2018-8299)
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104610 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041261 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint |
Version: Enterprise Server 2013 Service Pack 1 Version: Enterprise Server 2016 Version: Foundation 2013 Service Pack 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:35.339Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299", }, { name: "104610", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104610", }, { name: "1041261", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041261", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2013 Service Pack 1", }, { status: "affected", version: "Enterprise Server 2016", }, { status: "affected", version: "Foundation 2013 Service Pack 1", }, ], }, ], datePublic: "2018-07-10T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299", }, { name: "104610", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104610", }, { name: "1041261", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041261", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8299", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2013 Service Pack 1", }, { version_value: "Enterprise Server 2016", }, { version_value: "Foundation 2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299", }, { name: "104610", refsource: "BID", url: "http://www.securityfocus.com/bid/104610", }, { name: "1041261", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041261", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8299", datePublished: "2018-07-11T00:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:54:35.339Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-1707 (GCVE-0-2021-1707)
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1707 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1707", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:27.692Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1707", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1707", datePublished: "2021-01-12T19:42:38", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:27.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-0653 (GCVE-0-2011-0653)
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 21:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:58:26.081Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12835", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-09-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"XSS in SharePoint Calendar Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12835", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2011-0653", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"XSS in SharePoint Calendar Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS11-074", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "oval:org.mitre.oval:def:12835", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835", }, { name: "TA11-256A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2011-0653", datePublished: "2011-09-15T10:00:00", dateReserved: "2011-01-28T00:00:00", dateUpdated: "2024-08-06T21:58:26.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-0083 (GCVE-0-2013-0083)
Vulnerability from cvelistv5
Published
2013-03-13 00:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-071A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:07.759Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-024", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-12T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka \"SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-024", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-0083", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka \"SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-024", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-0083", datePublished: "2013-03-13T00:00:00", dateReserved: "2012-11-27T00:00:00", dateUpdated: "2024-08-06T14:18:07.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1499 (GCVE-0-2020-1499)
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-11-18 16:43
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.369Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-1499", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-11T17:07:49.019544Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:43:16.532Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:02.496Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499", }, ], title: "Microsoft SharePoint Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1499", datePublished: "2020-08-17T19:13:16", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-11-18T16:43:16.532Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0830 (GCVE-0-2019-0830)
Vulnerability from cvelistv5
Published
2019-04-09 20:16
Modified
2025-02-28 20:13
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.038Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2019-0830", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T17:32:58.604706Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:13:55.982Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-09T20:16:58.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0830", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0830", datePublished: "2019-04-09T20:16:58.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-28T20:13:55.982Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0929 (GCVE-0-2020-0929)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.538Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:51", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0929", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0929", datePublished: "2020-04-15T15:12:51", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.538Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1573 (GCVE-0-2020-1573)
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.627Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:17.741Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1573", datePublished: "2020-08-17T19:13:47", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.627Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41122 (GCVE-0-2022-41122)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2022-41122", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-05T13:12:44.885168Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T13:14:47.928Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:26.623Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41122", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:26.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2010-3324 (GCVE-0-2010-3324)
Vulnerability from cvelistv5
Published
2010-09-17 17:46
Modified
2024-08-07 03:03
Severity ?
EPSS score ?
Summary
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.wooyun.org/bug.php?action=view&id=189 | x_refsource_MISC | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 | vendor-advisory, x_refsource_MS | |
| http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html | mailing-list, x_refsource_FULLDISC | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/cas/techalerts/TA10-285A.html | third-party-advisory, x_refsource_CERT | |
| http://support.avaya.com/css/P8/documents/100113324 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T03:03:18.926Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.wooyun.org/bug.php?action=view&id=189", }, { name: "MS10-071", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071", }, { name: "20100814 IE8 toStaticHtml Bypass", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html", }, { name: "oval:org.mitre.oval:def:7297", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297", }, { name: "MS10-072", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072", }, { name: "TA10-285A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/css/P8/documents/100113324", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-08-14T00:00:00", descriptions: [ { lang: "en", value: "The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka \"HTML Sanitization Vulnerability,\" a different vulnerability than CVE-2010-1257.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.wooyun.org/bug.php?action=view&id=189", }, { name: "MS10-071", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071", }, { name: "20100814 IE8 toStaticHtml Bypass", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html", }, { name: "oval:org.mitre.oval:def:7297", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297", }, { name: "MS10-072", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072", }, { name: "TA10-285A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/css/P8/documents/100113324", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2010-3324", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka \"HTML Sanitization Vulnerability,\" a different vulnerability than CVE-2010-1257.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.wooyun.org/bug.php?action=view&id=189", refsource: "MISC", url: "http://www.wooyun.org/bug.php?action=view&id=189", }, { name: "MS10-071", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071", }, { name: "20100814 IE8 toStaticHtml Bypass", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html", }, { name: "oval:org.mitre.oval:def:7297", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297", }, { name: "MS10-072", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072", }, { name: "TA10-285A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { name: "http://support.avaya.com/css/P8/documents/100113324", refsource: "CONFIRM", url: "http://support.avaya.com/css/P8/documents/100113324", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2010-3324", datePublished: "2010-09-17T17:46:00", dateReserved: "2010-09-14T00:00:00", dateUpdated: "2024-08-07T03:03:18.926Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-1718 (GCVE-0-2021-1718)
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-11-19 15:25
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Tampering Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1718 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Foundation 2010 Service Pack 2 |
Version: 13.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:* |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:11.520Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1718", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1718", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T15:24:43.075813Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T15:25:28.523Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Tampering Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Tampering", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:30.865Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Tampering Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1718", }, ], title: "Microsoft SharePoint Server Tampering Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1718", datePublished: "2021-01-12T19:42:45", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-11-19T15:25:28.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17118 (GCVE-0-2020-17118)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T17:59:45.115Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17118", datePublished: "2020-12-09T23:36:44", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-21968 (GCVE-0-2022-21968)
Vulnerability from cvelistv5
Published
2022-02-09 16:36
Modified
2025-01-02 18:28
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5278.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5278.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10383.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20742", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5278.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10383.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20742", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-02-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:28:12.255Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968", }, ], title: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21968", datePublished: "2022-02-09T16:36:24", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:28:12.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1289 (GCVE-0-2020-1289)
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:59.996Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:54", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1289", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1289", datePublished: "2020-06-09T19:43:54", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:59.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-0145 (GCVE-0-2012-0145)
Vulnerability from cvelistv5
Published
2012-02-14 22:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-045A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:16:18.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-045A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14826", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826", }, { name: "MS12-011", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-02-14T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in wizardlist.aspx Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-045A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14826", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826", }, { name: "MS12-011", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-0145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in wizardlist.aspx Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-045A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14826", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826", }, { name: "MS12-011", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-0145", datePublished: "2012-02-14T22:00:00", dateReserved: "2011-12-13T00:00:00", dateUpdated: "2024-08-06T18:16:18.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1329 (GCVE-0-2019-1329)
Vulnerability from cvelistv5
Published
2019-10-10 13:28
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.462Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-10T13:28:41", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1329", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1329", datePublished: "2019-10-10T13:28:41", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.462Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-42294 (GCVE-0-2021-42294)
Vulnerability from cvelistv5
Published
2021-12-15 14:14
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5254.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:37.737Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5254.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10381.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:15.389Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42294", datePublished: "2021-12-15T14:14:54", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:37.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1318 (GCVE-0-2020-1318)
Vulnerability from cvelistv5
Published
2020-06-09 19:44
Modified
2025-02-28 20:06
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:32:00.971Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1318", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:11:26.805377Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:06:26.156Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:44:07.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1318", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1318", datePublished: "2020-06-09T19:44:07.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:06:26.156Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16945 (GCVE-0-2020-16945)
Vulnerability from cvelistv5
Published
2020-10-16 22:18
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16945 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16945", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:20:19.093Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16945", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16945", datePublished: "2020-10-16T22:18:00", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-0080 (GCVE-0-2013-0080)
Vulnerability from cvelistv5
Published
2013-03-13 00:00
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-071A | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:10:56.907Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-024", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16596", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"Callback Function Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-024", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16596", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-0080", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"Callback Function Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-024", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "TA13-071A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16596", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-0080", datePublished: "2013-03-13T00:00:00", dateReserved: "2012-11-27T00:00:00", dateUpdated: "2024-08-06T14:10:56.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-1754 (GCVE-0-2014-1754)
Vulnerability from cvelistv5
Published
2014-05-14 10:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1030227 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/67288 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:50:11.164Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS14-022", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, { name: "1030227", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1030227", }, { name: "67288", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/67288", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-05-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS14-022", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, { name: "1030227", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1030227", }, { name: "67288", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/67288", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2014-1754", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS14-022", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, { name: "1030227", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030227", }, { name: "67288", refsource: "BID", url: "http://www.securityfocus.com/bid/67288", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2014-1754", datePublished: "2014-05-14T10:00:00", dateReserved: "2014-01-29T00:00:00", dateUpdated: "2024-08-06T09:50:11.164Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41036 (GCVE-0-2022-41036)
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-01-02 21:27
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41036 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5365.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.146Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41036", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5365.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10391.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20158", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5365.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10391.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20158", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:15.528Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41036", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41036", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:27:15.528Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1682 (GCVE-0-2015-1682)
Vulnerability from cvelistv5
Published
2015-05-13 10:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74481 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1032295 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:47:17.594Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "74481", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74481", }, { name: "1032295", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032295", }, { name: "MS15-046", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "74481", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74481", }, { name: "1032295", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032295", }, { name: "MS15-046", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-1682", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "74481", refsource: "BID", url: "http://www.securityfocus.com/bid/74481", }, { name: "1032295", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032295", }, { name: "MS15-046", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-1682", datePublished: "2015-05-13T10:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:47:17.594Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3179 (GCVE-0-2013-3179)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:00:10.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:18750", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:18750", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3179", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "oval:org.mitre.oval:def:18750", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3179", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-04-17T00:00:00", dateUpdated: "2024-08-06T16:00:10.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21716 (GCVE-0-2023-21716)
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-02-28 21:13
Severity ?
EPSS score ?
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21716", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:05.782542Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:13:53.143Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Office LTSC for Mac 2021", vendor: "Microsoft", versions: [ { lessThan: "16.70.23021201", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft Office LTSC 2021", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20478", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft 365 Apps for Enterprise", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "SharePoint Server Subscription Edition Language Pack", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20478", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { lessThan: "16.0.10395.20001", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office 2019 for Mac", vendor: "Microsoft", versions: [ { lessThan: "16.70.23021201", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Office 2019", vendor: "Microsoft", versions: [ { lessThan: "https://aka.ms/OfficeSecurityReleases", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5383.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10395.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft Word 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5383.1000", status: "affected", version: "16.0.1", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Office Web Apps Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "ARM64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Word 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.1", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.70.23021201", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20478", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20478", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10395.20001", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*", versionEndExcluding: "16.70.23021201", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", versionEndExcluding: "https://aka.ms/OfficeSecurityReleases", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5383.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10395.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.5383.1000", versionStartIncluding: "16.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:18.719Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Word Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, ], title: "Microsoft Word Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21716", datePublished: "2023-02-14T19:33:45.678Z", dateReserved: "2022-12-13T18:08:03.491Z", dateUpdated: "2025-02-28T21:13:53.143Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1298 (GCVE-0-2020-1298)
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2025-02-28 20:06
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:32:00.748Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1298", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:11:38.494995Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:06:36.253Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:58.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1298", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1298", datePublished: "2020-06-09T19:43:59.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:06:36.253Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-30158 (GCVE-0-2022-30158)
Vulnerability from cvelistv5
Published
2022-06-15 21:51
Modified
2025-01-02 19:03
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5332.1001 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.962Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30158", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-30158", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-02T20:55:43.257662Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-20T15:19:47.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5332.1001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10387.20008", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14931.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5459.1001", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5332.1001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10387.20008", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14931.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5459.1001", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:01.749Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30158", datePublished: "2022-06-15T21:51:51", dateReserved: "2022-05-03T00:00:00", dateUpdated: "2025-01-02T19:03:01.749Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0054 (GCVE-0-2016-0054)
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1034976 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:08:12.779Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1034976", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034976", }, { name: "MS16-015", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-09T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1034976", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034976", }, { name: "MS16-015", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-0054", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1034976", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034976", }, { name: "MS16-015", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-0054", datePublished: "2016-02-10T11:00:00", dateReserved: "2015-12-04T00:00:00", dateUpdated: "2024-08-05T22:08:12.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-37961 (GCVE-0-2022-37961)
Vulnerability from cvelistv5
Published
2022-09-13 18:42
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:37:42.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:15.473Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-37961", datePublished: "2022-09-13T18:42:09", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-03-11T16:10:15.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-22005 (GCVE-0-2022-22005)
Vulnerability from cvelistv5
Published
2022-02-09 16:36
Modified
2025-01-02 18:28
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5278.1000 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:55.147Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5278.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5423.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10383.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20742", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5278.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5423.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10383.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.14326.20742", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-02-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:28:24.655Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-22005", datePublished: "2022-02-09T16:36:59", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:28:24.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0850 (GCVE-0-2020-0850)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.634Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "2016 for Mac", }, ], }, { product: "Office 365 ProPlus", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "64-bit Systems", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:40", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0850", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "2016 for Mac", }, ], }, }, { product_name: "Office 365 ProPlus", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "64-bit Systems", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0850", datePublished: "2020-03-12T15:48:40", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.634Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41038 (GCVE-0-2022-41038)
Vulnerability from cvelistv5
Published
2022-10-11 00:00
Modified
2025-01-02 21:27
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5365.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:48.977Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41038", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5365.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10391.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20158", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5493.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5365.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10391.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20158", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5493.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-10-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:27:45.546Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41038", datePublished: "2022-10-11T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:27:45.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0604 (GCVE-0-2019-0604)
Vulnerability from cvelistv5
Published
2019-03-06 00:00
Modified
2025-02-07 16:28
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106914 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server |
Version: 2010 Service Pack 2 Version: 2019 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:51:27.261Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "106914", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/106914", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2019-0604", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T16:20:47.392214Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0604", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T16:28:17.385Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], datePublic: "2019-03-05T00:00:00.000Z", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-06T10:57:01.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "106914", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/106914", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0604", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "106914", refsource: "BID", url: "http://www.securityfocus.com/bid/106914", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0604", datePublished: "2019-03-06T00:00:00.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-07T16:28:17.385Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16979 (GCVE-0-2020-16979)
Vulnerability from cvelistv5
Published
2020-11-11 06:47
Modified
2024-09-10 15:51
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16979 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.816Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16979", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:51:08.427Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16979", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16979", datePublished: "2020-11-11T06:47:51", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:51:08.427Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1104 (GCVE-0-2020-1104)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:53:08", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1104", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1104", datePublished: "2020-05-21T22:53:08", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31948 (GCVE-0-2021-31948)
Vulnerability from cvelistv5
Published
2021-06-08 22:46
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5173.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:31.270Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5173.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10375.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-06-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:55:41.679Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31948", datePublished: "2021-06-08T22:46:20", dateReserved: "2021-04-30T00:00:00", dateUpdated: "2024-08-03T23:10:31.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-4116 (GCVE-0-2014-4116)
Vulnerability from cvelistv5
Published
2014-11-11 22:00
Modified
2024-08-06 11:04
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1031192 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:04:28.503Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS14-073", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073", }, { name: "1031192", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1031192", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-11-11T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka \"SharePoint Elevation of Privilege Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS14-073", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073", }, { name: "1031192", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1031192", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2014-4116", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka \"SharePoint Elevation of Privilege Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS14-073", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073", }, { name: "1031192", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1031192", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2014-4116", datePublished: "2014-11-11T22:00:00", dateReserved: "2014-06-12T00:00:00", dateUpdated: "2024-08-06T11:04:28.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-0086 (GCVE-0-2013-0086)
Vulnerability from cvelistv5
Published
2013-03-13 00:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-071A | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:07.750Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-025", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16539", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Buffer Size Validation Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-025", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16539", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-0086", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Buffer Size Validation Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-025", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025", }, { name: "TA13-071A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { name: "oval:org.mitre.oval:def:16539", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-0086", datePublished: "2013-03-13T00:00:00", dateReserved: "2012-11-27T00:00:00", dateUpdated: "2024-08-06T14:18:07.750Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17115 (GCVE-0-2020-17115)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17115 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server 2019 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17115", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:00.798Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17115", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17115", datePublished: "2020-12-09T23:36:43", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1107 (GCVE-0-2020-1107)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.149Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:53:09", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1107", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1107", datePublished: "2020-05-21T22:53:09", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:01.149Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0975 (GCVE-0-2020-0975)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.673Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:13:10", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0975", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0975", datePublished: "2020-04-15T15:13:10", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.673Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1345 (GCVE-0-2020-1345)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:32
Severity ?
EPSS score ?
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:32:01.210Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:33:59.911Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1345", datePublished: "2020-09-11T17:09:15", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:32:01.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1183 (GCVE-0-2020-1183)
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2025-02-28 20:07
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.300Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1183", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:12:00.446018Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:07:05.810Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:19.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1183", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1183", datePublished: "2020-06-09T19:43:19.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:07:05.810Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1444 (GCVE-0-2020-1444)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.366Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-14T22:54:45", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1444", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1444", datePublished: "2020-07-14T22:54:45", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.366Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1514 (GCVE-0-2020-1514)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.502Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:59.575Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1514", datePublished: "2020-09-11T17:09:21", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-28474 (GCVE-0-2021-28474)
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-574/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5161.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:32.625Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-574/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5161.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10374.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5345.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:57:09.448Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-574/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28474", datePublished: "2021-05-11T19:11:16", dateReserved: "2021-03-15T00:00:00", dateUpdated: "2024-08-03T21:47:32.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8155 (GCVE-0-2018-8155)
Vulnerability from cvelistv5
Published
2018-05-09 19:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1040856 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/104047 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint |
Version: Enterprise Server 2016 Version: Foundation 2013 Service Pack 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.471Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1040856", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040856", }, { name: "104047", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104047", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2016", }, { status: "affected", version: "Foundation 2013 Service Pack 1", }, ], }, ], datePublic: "2018-05-08T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-10T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1040856", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040856", }, { name: "104047", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104047", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8155", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2016", }, { version_value: "Foundation 2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "1040856", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040856", }, { name: "104047", refsource: "BID", url: "http://www.securityfocus.com/bid/104047", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8155", datePublished: "2018-05-09T19:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:46:13.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0255 (GCVE-0-2017-0255)
Vulnerability from cvelistv5
Published
2017-05-12 14:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98107 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft Office |
Version: Microsoft SharePoint Foundation 2013 SP1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:55:19.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "98107", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98107", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Office", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft SharePoint Foundation 2013 SP1", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka \"Microsoft SharePoint XSS Vulnerability\".", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "98107", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98107", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0255", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Office", version: { version_data: [ { version_value: "Microsoft SharePoint Foundation 2013 SP1", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka \"Microsoft SharePoint XSS Vulnerability\".", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "98107", refsource: "BID", url: "http://www.securityfocus.com/bid/98107", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0255", datePublished: "2017-05-12T14:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:55:19.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-26420 (GCVE-0-2021-26420)
Vulnerability from cvelistv5
Published
2021-06-08 22:46
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-755/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5173.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.515Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-755/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5173.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10375.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5353.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-06-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:55:23.503Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-755/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26420", datePublished: "2021-06-08T22:46:12", dateReserved: "2021-01-29T00:00:00", dateUpdated: "2024-08-03T20:26:25.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1580 (GCVE-0-2020-1580)
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:20.191Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1580", datePublished: "2020-08-17T19:13:50", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-0017 (GCVE-0-2012-0017)
Vulnerability from cvelistv5
Published
2012-02-14 22:00
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-045A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:09:17.113Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-045A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14637", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637", }, { name: "MS12-011", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-02-14T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in inplview.aspx Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-045A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14637", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637", }, { name: "MS12-011", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-0017", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in inplview.aspx Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-045A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { name: "oval:org.mitre.oval:def:14637", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637", }, { name: "MS12-011", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-0017", datePublished: "2012-02-14T22:00:00", dateReserved: "2011-11-09T00:00:00", dateUpdated: "2024-08-06T18:09:17.113Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-0085 (GCVE-0-2013-0085)
Vulnerability from cvelistv5
Published
2013-03-13 00:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.us-cert.gov/ncas/alerts/TA13-071A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:07.765Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS13-024", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "oval:org.mitre.oval:def:16414", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-12T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka \"Buffer Overflow Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS13-024", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "oval:org.mitre.oval:def:16414", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414", }, { name: "TA13-071A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-0085", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka \"Buffer Overflow Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS13-024", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { name: "oval:org.mitre.oval:def:16414", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414", }, { name: "TA13-071A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-0085", datePublished: "2013-03-13T00:00:00", dateReserved: "2012-11-27T00:00:00", dateUpdated: "2024-08-06T14:18:07.765Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2012-1863 (GCVE-0-2012-1863)
Vulnerability from cvelistv5
Published
2012-07-10 21:00
Modified
2024-08-06 19:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/cas/techalerts/TA12-192A.html | third-party-advisory, x_refsource_CERT | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | vendor-advisory, x_refsource_MS | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:08:38.728Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15689", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-10T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Reflected List Parameter Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "TA12-192A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15689", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2012-1863", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Reflected List Parameter Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "TA12-192A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { name: "MS12-050", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { name: "oval:org.mitre.oval:def:15689", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2012-1863", datePublished: "2012-07-10T21:00:00", dateReserved: "2012-03-22T00:00:00", dateUpdated: "2024-08-06T19:08:38.728Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16951 (GCVE-0-2020-16951)
Vulnerability from cvelistv5
Published
2020-10-16 22:18
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.836Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:20:21.650Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16951", datePublished: "2020-10-16T22:18:03", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.836Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0932 (GCVE-0-2020-0932)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:52", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0932", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0932", datePublished: "2020-04-15T15:12:52", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-6037 (GCVE-0-2015-6037)
Vulnerability from cvelistv5
Published
2015-10-14 01:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1033804 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1033803 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:06:35.212Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS15-110", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033804", }, { name: "1033803", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033803", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-10-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka \"Microsoft Office Web Apps XSS Spoofing Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS15-110", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033804", }, { name: "1033803", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033803", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-6037", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka \"Microsoft Office Web Apps XSS Spoofing Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS15-110", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033804", }, { name: "1033803", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033803", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-6037", datePublished: "2015-10-14T01:00:00", dateReserved: "2015-08-14T00:00:00", dateUpdated: "2024-08-06T07:06:35.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1259 (GCVE-0-2019-1259)
Vulnerability from cvelistv5
Published
2019-09-11 21:24
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:29.655Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-11T21:24:59", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1259", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1259", datePublished: "2019-09-11T21:24:59", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:29.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0923 (GCVE-0-2020-0923)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:11
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-0923", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:14:19.767593Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:11:08.640Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:48.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0923", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0923", datePublished: "2020-04-15T15:12:49.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:11:08.640Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-0107 (GCVE-0-2017-0107)
Vulnerability from cvelistv5
Published
2017-03-17 00:00
Modified
2024-08-05 12:55
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038019 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96748 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | SharePoint |
Version: SharePoint Server |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:55:19.008Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107", }, { name: "1038019", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038019", }, { name: "96748", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96748", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SharePoint", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "SharePoint Server", }, ], }, ], datePublic: "2017-03-14T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107", }, { name: "1038019", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038019", }, { name: "96748", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96748", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2017-0107", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SharePoint", version: { version_data: [ { version_value: "SharePoint Server", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107", }, { name: "1038019", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038019", }, { name: "96748", refsource: "BID", url: "http://www.securityfocus.com/bid/96748", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2017-0107", datePublished: "2017-03-17T00:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-05T12:55:19.008Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1100 (GCVE-0-2020-1100)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2025-02-28 20:08
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.098Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1100", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:12:32.319865Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:08:04.680Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:53:06.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1100", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1100", datePublished: "2020-05-21T22:53:06.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:08:04.680Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-31171 (GCVE-0-2021-31171)
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5161.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:53.210Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5161.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10374.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5345.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:56:51.732Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31171", datePublished: "2021-05-11T19:11:23", dateReserved: "2021-04-14T00:00:00", dateUpdated: "2024-08-03T22:55:53.210Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17016 (GCVE-0-2020-17016)
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:51
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17016 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.867Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17016", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:51:41.692Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17016", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17016", datePublished: "2020-11-11T06:48:04", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:51:41.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17089 (GCVE-0-2020-17089)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17089 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.699Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17089", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T17:59:39.639Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17089", }, ], title: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17089", datePublished: "2020-12-09T23:36:39", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.699Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-40487 (GCVE-0-2021-40487)
Vulnerability from cvelistv5
Published
2021-10-13 00:27
Modified
2025-02-28 20:54
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1225/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5227.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:44:10.851Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1225/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-40487", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:24:02.066502Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:54:18.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5227.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10379.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5389.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:35.011Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1225/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-40487", datePublished: "2021-10-13T00:27:39.000Z", dateReserved: "2021-09-02T00:00:00.000Z", dateUpdated: "2025-02-28T20:54:18.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17120 (GCVE-0-2020-17120)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17120 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17120", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:01.604Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17120", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17120", datePublished: "2020-12-09T23:36:45", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0039 (GCVE-0-2016-0039)
Vulnerability from cvelistv5
Published
2016-02-10 11:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034975 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:08:12.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-015", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, { name: "1034975", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034975", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-09T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-015", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, { name: "1034975", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034975", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-0039", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-015", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, { name: "1034975", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034975", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-0039", datePublished: "2016-02-10T11:00:00", dateReserved: "2015-12-04T00:00:00", dateUpdated: "2024-08-05T22:08:12.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-24104 (GCVE-0-2021-24104)
Vulnerability from cvelistv5
Published
2021-03-11 15:02
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:21:18.217Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:P/RL:W/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:08:54.087Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-24104", datePublished: "2021-03-11T15:02:28", dateReserved: "2021-01-13T00:00:00", dateUpdated: "2024-08-03T19:21:18.217Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1261 (GCVE-0-2019-1261)
Vulnerability from cvelistv5
Published
2019-09-11 21:24
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.206Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-11T21:24:59", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1261", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1261", datePublished: "2019-09-11T21:24:59", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-24072 (GCVE-0-2021-24072)
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24072 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T19:21:17.788Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24072", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-02-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T22:33:32.355Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24072", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-24072", datePublished: "2021-02-25T23:01:37", dateReserved: "2021-01-13T00:00:00", dateUpdated: "2024-08-03T19:21:17.788Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1023 (GCVE-0-2020-1023)
Vulnerability from cvelistv5
Published
2020-05-21 22:52
Modified
2024-08-04 06:25
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:00.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-21T22:52:47", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1023", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1023", datePublished: "2020-05-21T22:52:47", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:25:00.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16948 (GCVE-0-2020-16948)
Vulnerability from cvelistv5
Published
2020-10-16 22:18
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16948 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.668Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16948", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>\n<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:19:58.134Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16948", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16948", datePublished: "2020-10-16T22:18:01", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.668Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1330 (GCVE-0-2019-1330)
Vulnerability from cvelistv5
Published
2019-10-10 13:28
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.397Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-10T13:28:41", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1330", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1330", datePublished: "2019-10-10T13:28:41", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.397Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1210 (GCVE-0-2020-1210)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:58.170Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:business_productivity_servers:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Business Productivity Servers 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 9.9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:50.317Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1210", datePublished: "2020-09-11T17:09:07", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:58.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-34468 (GCVE-0-2021-34468)
Vulnerability from cvelistv5
Published
2021-07-14 17:54
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-829/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5188.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.198Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-829/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5188.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10376.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5363.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:41.643Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-829/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34468", datePublished: "2021-07-14T17:54:00", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.198Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-2816 (GCVE-0-2014-2816)
Vulnerability from cvelistv5
Published
2014-08-12 21:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/69099 | vdb-entry, x_refsource_BID | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-050 | vendor-advisory, x_refsource_MS | |
| http://secunia.com/advisories/60675 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id/1030720 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:28:44.917Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "69099", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/69099", }, { name: "MS14-050", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-050", }, { name: "60675", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60675", }, { name: "1030720", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1030720", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-08-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka \"SharePoint Page Content Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "69099", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/69099", }, { name: "MS14-050", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-050", }, { name: "60675", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60675", }, { name: "1030720", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1030720", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2014-2816", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka \"SharePoint Page Content Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "69099", refsource: "BID", url: "http://www.securityfocus.com/bid/69099", }, { name: "MS14-050", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-050", }, { name: "60675", refsource: "SECUNIA", url: "http://secunia.com/advisories/60675", }, { name: "1030720", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030720", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2014-2816", datePublished: "2014-08-12T21:00:00", dateReserved: "2014-04-10T00:00:00", dateUpdated: "2024-08-06T10:28:44.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-17121 (GCVE-0-2020-17121)
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation 2013 Service Pack 1 |
Version: 15.0.0 < publication cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.693Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T18:00:02.328Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17121", datePublished: "2020-12-09T23:36:45", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-1700 (GCVE-0-2015-1700)
Vulnerability from cvelistv5
Published
2015-05-13 10:00
Modified
2024-08-06 04:47
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1032296 | vdb-entry, x_refsource_SECTRACK | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047 | vendor-advisory, x_refsource_MS |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:47:17.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1032296", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032296", }, { name: "MS15-047", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka \"Microsoft SharePoint Page Content Vulnerabilities.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "1032296", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032296", }, { name: "MS15-047", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-1700", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka \"Microsoft SharePoint Page Content Vulnerabilities.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1032296", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032296", }, { name: "MS15-047", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-1700", datePublished: "2015-05-13T10:00:00", dateReserved: "2015-02-17T00:00:00", dateUpdated: "2024-08-06T04:47:17.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0949 (GCVE-0-2019-0949)
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.890Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T18:17:03", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0949", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0949", datePublished: "2019-05-16T18:17:03", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21717 (GCVE-0-2023-21717)
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-04-12 03:55
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5383.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:49.363Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21717", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-02-13T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-12T03:55:19.923Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5383.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10395.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20478", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5529.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5383.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10395.20001", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20478", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5529.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:19.240Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717", }, ], title: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21717", datePublished: "2023-02-14T19:33:46.638Z", dateReserved: "2022-12-13T18:08:03.491Z", dateUpdated: "2025-04-12T03:55:19.923Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21744 (GCVE-0-2023-21744)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21744 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5378.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21744", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21744", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:32.094793Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:33.586Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5378.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5519.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10394.20021", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20418", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5519.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5378.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5519.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10394.20021", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20418", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5519.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:35:57.652Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21744", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21744", datePublished: "2023-01-10T00:00:00.000Z", dateReserved: "2022-12-13T00:00:00.000Z", dateUpdated: "2025-02-28T21:14:33.586Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-38009 (GCVE-0-2022-38009)
Vulnerability from cvelistv5
Published
2022-09-13 18:42
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5361.1002 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:37:42.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5361.1002", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10390.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20052", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5485.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5361.1002", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10390.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20052", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5485.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:14.652Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-38009", datePublished: "2022-09-13T18:42:18", dateReserved: "2022-08-08T00:00:00", dateUpdated: "2025-03-11T16:10:14.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1296 (GCVE-0-2019-1296)
Vulnerability from cvelistv5
Published
2019-09-11 21:25
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.065Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-11T21:25:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1296", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1296", datePublished: "2019-09-11T21:25:01", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.065Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-6039 (GCVE-0-2015-6039)
Vulnerability from cvelistv5
Published
2015-10-14 01:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1033804 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:06:35.214Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS15-110", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1033804", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-10-13T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka \"Microsoft SharePoint Security Feature Bypass Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS15-110", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1033804", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2015-6039", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka \"Microsoft SharePoint Security Feature Bypass Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS15-110", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { name: "1033804", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1033804", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2015-6039", datePublished: "2015-10-14T01:00:00", dateReserved: "2015-08-14T00:00:00", dateUpdated: "2024-08-06T07:06:35.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1576 (GCVE-0-2020-1576)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.525Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:13.075Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1576", datePublished: "2020-09-11T17:09:24", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0795 (GCVE-0-2020-0795)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2025-02-28 20:12
Severity ?
EPSS score ?
Summary
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:01.950Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-0795", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:15:20.509604Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:12:28.033Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft Business Productivity Servers", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:18.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0795", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft Business Productivity Servers", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0795", datePublished: "2020-03-12T15:48:18.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:12:28.033Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2013-3847 (GCVE-0-2013-3847)
Vulnerability from cvelistv5
Published
2013-09-11 10:00
Modified
2024-08-06 16:22
Severity ?
EPSS score ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
References
| ▼ | URL | Tags |
|---|---|---|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 | vdb-entry, signature, x_refsource_OVAL | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | vendor-advisory, x_refsource_MS | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | vendor-advisory, x_refsource_MS | |
| http://www.us-cert.gov/ncas/alerts/TA13-253A | third-party-advisory, x_refsource_CERT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:22:01.444Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "oval:org.mitre.oval:def:18749", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { name: "oval:org.mitre.oval:def:18988", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-09-10T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "oval:org.mitre.oval:def:18749", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { name: "oval:org.mitre.oval:def:18988", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, { name: "MS13-072", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2013-3847", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "oval:org.mitre.oval:def:18749", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { name: "oval:org.mitre.oval:def:18988", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, { name: "MS13-072", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { name: "MS13-067", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { name: "TA13-253A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2013-3847", datePublished: "2013-09-11T10:00:00", dateReserved: "2013-06-03T00:00:00", dateUpdated: "2024-08-06T16:22:01.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-28450 (GCVE-0-2021-28450)
Vulnerability from cvelistv5
Published
2021-04-13 19:33
Modified
2024-08-03 21:40
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28450 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:14.463Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28450", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:41.572Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28450", }, ], title: "Microsoft SharePoint Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28450", datePublished: "2021-04-13T19:33:33", dateReserved: "2021-03-15T00:00:00", dateUpdated: "2024-08-03T21:40:14.463Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1452 (GCVE-0-2020-1452)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-11-18 16:24
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:09.750Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-1452", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-18T16:23:53.379905Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-18T16:24:00.737Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:08.476Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452", }, ], title: "Microsoft SharePoint Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1452", datePublished: "2020-09-11T17:09:16", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-11-18T16:24:00.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0950 (GCVE-0-2019-0950)
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T18:17:03", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0950", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0950", datePublished: "2019-05-16T18:17:03", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-42309 (GCVE-0-2021-42309)
Vulnerability from cvelistv5
Published
2021-12-15 14:14
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-074/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5254.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.283Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-074/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5254.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10381.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.14326.20620", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5407.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-12-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:44:42.010Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-074/", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42309", datePublished: "2021-12-15T14:14:56", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:38.283Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0956 (GCVE-0-2019-0956)
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, ], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-16T18:17:03", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0956", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0956", datePublished: "2019-05-16T18:17:03", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T17:58:59.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16953 (GCVE-0-2020-16953)
Vulnerability from cvelistv5
Published
2020-10-16 22:18
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16953 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.614Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16953", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>\n<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:19:58.631Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16953", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16953", datePublished: "2020-10-16T22:18:04", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-0790 (GCVE-0-2018-0790)
Vulnerability from cvelistv5
Published
2018-01-10 01:00
Modified
2024-09-16 21:58
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040150 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/102391 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | Microsoft SharePoint |
Version: Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:35:49.354Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790", }, { name: "1040150", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040150", }, { name: "102391", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/102391", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint", vendor: "Microsoft Corporation", versions: [ { status: "affected", version: "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016", }, ], }, ], datePublic: "2018-01-09T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0789.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-11T10:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790", }, { name: "1040150", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040150", }, { name: "102391", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/102391", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", DATE_PUBLIC: "2018-01-09T00:00:00", ID: "CVE-2018-0790", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016", }, ], }, }, ], }, vendor_name: "Microsoft Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0789.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790", }, { name: "1040150", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040150", }, { name: "102391", refsource: "BID", url: "http://www.securityfocus.com/bid/102391", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-0790", datePublished: "2018-01-10T01:00:00Z", dateReserved: "2017-12-01T00:00:00", dateUpdated: "2024-09-16T21:58:09.932Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-0831 (GCVE-0-2019-0831)
Vulnerability from cvelistv5
Published
2019-04-09 20:16
Modified
2025-02-28 20:13
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Server |
Version: 2010 Service Pack 2 Version: 2019 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:58:59.389Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2019-0831", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T17:32:58.604706Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:13:42.292Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-09T20:16:58.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-0831", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-0831", datePublished: "2019-04-09T20:16:58.000Z", dateReserved: "2018-11-26T00:00:00.000Z", dateUpdated: "2025-02-28T20:13:42.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2021-34517 (GCVE-0-2021-34517)
Vulnerability from cvelistv5
Published
2021-07-14 17:54
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34517 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5188.1000 cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.553Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5188.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5363.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10376.20001", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5363.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:37:15.765Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34517", }, ], title: "Microsoft SharePoint Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34517", datePublished: "2021-07-14T17:54:32", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.553Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1297 (GCVE-0-2020-1297)
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2025-02-28 20:06
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:32:01.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1297", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:11:49.639893Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:06:50.954Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:58.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1297", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1297", datePublished: "2020-06-09T19:43:58.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:06:50.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16942 (GCVE-0-2020-16942)
Vulnerability from cvelistv5
Published
2020-10-16 22:17
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>
<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>
<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.535Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>\n<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>\n<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 4.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:19:57.630Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16942", datePublished: "2020-10-16T22:17:58", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.535Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0920 (GCVE-0-2020-0920)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:12:48", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0920", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0920", datePublished: "2020-04-15T15:12:48", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.540Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1177 (GCVE-0-2020-1177)
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2025-02-28 20:07
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:25:01.188Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-1177", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:12:11.863217Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:07:20.276Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-09T19:43:18.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1177", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1177", datePublished: "2020-06-09T19:43:18.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:07:20.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1505 (GCVE-0-2020-1505)
Vulnerability from cvelistv5
Published
2020-08-17 19:13
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Server 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-08-11T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.\n", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T16:33:05.436Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1505", datePublished: "2020-08-17T19:13:19", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.367Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16941 (GCVE-0-2020-16941)
Vulnerability from cvelistv5
Published
2020-10-16 22:17
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>
<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>
<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>\n<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>\n<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 4.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:19:57.144Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941", }, ], title: "Microsoft SharePoint Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16941", datePublished: "2020-10-16T22:17:58", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41062 (GCVE-0-2022-41062)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5369.1000 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.144Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "16.0.5369.1000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "16.0.10392.20000", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server Subscription Edition", vendor: "Microsoft", versions: [ { lessThan: "16.0.15601.20238", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "15.0.5501.1000", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", versionEndExcluding: "16.0.5369.1000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", versionEndExcluding: "16.0.10392.20000", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", versionEndExcluding: "16.0.15601.20238", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", versionEndExcluding: "15.0.5501.1000", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:49.880Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SharePoint Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41062", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:49.880Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-0011 (GCVE-0-2016-0011)
Vulnerability from cvelistv5
Published
2016-01-13 02:00
Modified
2024-08-05 22:08
Severity ?
EPSS score ?
Summary
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2015-6117.
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 | vendor-advisory, x_refsource_MS | |
| http://www.securitytracker.com/id/1034653 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:08:12.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS16-004", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, { name: "1034653", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034653", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-12T00:00:00", descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka \"Microsoft SharePoint Security Feature Bypass,\" a different vulnerability than CVE-2015-6117.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS16-004", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, { name: "1034653", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034653", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2016-0011", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka \"Microsoft SharePoint Security Feature Bypass,\" a different vulnerability than CVE-2015-6117.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS16-004", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, { name: "1034653", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034653", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2016-0011", datePublished: "2016-01-13T02:00:00", dateReserved: "2015-12-04T00:00:00", dateUpdated: "2024-08-05T22:08:12.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2011-1892 (GCVE-0-2011-1892)
Vulnerability from cvelistv5
Published
2011-09-15 10:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | vendor-advisory, x_refsource_MS | |
| http://securityreason.com/securityalert/8386 | third-party-advisory, x_refsource_SREASON | |
| http://www.us-cert.gov/cas/techalerts/TA11-256A.html | third-party-advisory, x_refsource_CERT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907 | vdb-entry, signature, x_refsource_OVAL |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T22:46:00.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", "x_transferred", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "8386", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/8386", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", "x_transferred", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { name: "oval:org.mitre.oval:def:12907", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-09-13T00:00:00", descriptions: [ { lang: "en", value: "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-12T19:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "MS11-074", tags: [ "vendor-advisory", "x_refsource_MS", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "8386", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/8386", }, { name: "TA11-256A", tags: [ "third-party-advisory", "x_refsource_CERT", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { name: "oval:org.mitre.oval:def:12907", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2011-1892", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MS11-074", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { name: "8386", refsource: "SREASON", url: "http://securityreason.com/securityalert/8386", }, { name: "TA11-256A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { name: "oval:org.mitre.oval:def:12907", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2011-1892", datePublished: "2011-09-15T10:00:00", dateReserved: "2011-05-04T00:00:00", dateUpdated: "2024-08-06T22:46:00.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8254 (GCVE-0-2018-8254)
Vulnerability from cvelistv5
Published
2018-06-14 12:00
Modified
2024-08-05 06:46
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041106 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/104325 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Project Server |
Version: 2010 Service Pack 2 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:46:13.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254", }, { name: "1041106", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041106", }, { name: "104325", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104325", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft Project Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint", vendor: "Microsoft", versions: [ { status: "affected", version: "Enterprise Server 2016", }, { status: "affected", version: "Foundation 2013 Service Pack 1", }, ], }, ], datePublic: "2018-06-14T00:00:00", descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-15T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254", }, { name: "1041106", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041106", }, { name: "104325", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104325", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8254", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft Project Server", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint", version: { version_data: [ { version_value: "Enterprise Server 2016", }, { version_value: "Foundation 2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254", }, { name: "1041106", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041106", }, { name: "104325", refsource: "BID", url: "http://www.securityfocus.com/bid/104325", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8254", datePublished: "2018-06-14T12:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:46:13.969Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1460 (GCVE-0-2020-1460)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.</p>
<p>To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles processing of created content.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:09.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.</p>\n<p>To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles processing of created content.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:00.678Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460", }, ], title: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1460", datePublished: "2020-09-11T17:09:17", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:09.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-8284 (GCVE-0-2018-8284)
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:54
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104667 | vdb-entry, x_refsource_BID | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1041257 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft .NET Framework |
Version: 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 Version: 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 Version: 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 3.5 on Windows 10 for 32-bit Systems Version: 3.5 on Windows 10 for x64-based Systems Version: 3.5 on Windows 10 Version 1607 for 32-bit Systems Version: 3.5 on Windows 10 Version 1607 for x64-based Systems Version: 3.5 on Windows 10 Version 1703 for 32-bit Systems Version: 3.5 on Windows 10 Version 1703 for x64-based Systems Version: 3.5 on Windows 10 Version 1709 for 32-bit Systems Version: 3.5 on Windows 10 Version 1709 for x64-based Systems Version: 3.5 on Windows 10 Version 1803 for 32-bit Systems Version: 3.5 on Windows 10 Version 1803 for x64-based Systems Version: 3.5 on Windows 8.1 for 32-bit systems Version: 3.5 on Windows 8.1 for x64-based systems Version: 3.5 on Windows Server 2012 Version: 3.5 on Windows Server 2012 (Server Core installation) Version: 3.5 on Windows Server 2012 R2 Version: 3.5 on Windows Server 2012 R2 (Server Core installation) Version: 3.5 on Windows Server 2016 Version: 3.5 on Windows Server 2016 (Server Core installation) Version: 3.5 on Windows Server, version 1709 (Server Core Installation) Version: 3.5 on Windows Server, version 1803 (Server Core Installation) Version: 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 Version: 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 Version: 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 Version: 4.5.2 on Windows 8.1 for 32-bit systems Version: 4.5.2 on Windows 8.1 for x64-based systems Version: 4.5.2 on Windows RT 8.1 Version: 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.5.2 on Windows Server 2012 Version: 4.5.2 on Windows Server 2012 (Server Core installation) Version: 4.5.2 on Windows Server 2012 R2 Version: 4.5.2 on Windows Server 2012 R2 (Server Core installation) Version: 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 Version: 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) Version: 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems Version: 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 Version: 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) Version: 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems Version: 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems Version: 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation) Version: 4.7.2 on Windows 10 Version 1803 for 32-bit Systems Version: 4.7.2 on Windows 10 Version 1803 for x64-based Systems Version: 4.7.2 on Windows Server, version 1803 (Server Core Installation) Version: 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems Version: 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:54:34.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104667", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104667", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284", }, { name: "1041257", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041257", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft .NET Framework", vendor: "Microsoft", versions: [ { status: "affected", version: "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "3.5 on Windows 10 for 32-bit Systems", }, { status: "affected", version: "3.5 on Windows 10 for x64-based Systems", }, { status: "affected", version: "3.5 on Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "3.5 on Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "3.5 on Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "3.5 on Windows 10 Version 1703 for x64-based Systems", }, { status: "affected", version: "3.5 on Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "3.5 on Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "3.5 on Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "3.5 on Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "3.5 on Windows 8.1 for 32-bit systems", }, { status: "affected", version: "3.5 on Windows 8.1 for x64-based systems", }, { status: "affected", version: "3.5 on Windows Server 2012", }, { status: "affected", version: "3.5 on Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "3.5 on Windows Server 2012 R2", }, { status: "affected", version: "3.5 on Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "3.5 on Windows Server 2016", }, { status: "affected", version: "3.5 on Windows Server 2016 (Server Core installation)", }, { status: "affected", version: "3.5 on Windows Server, version 1709 (Server Core Installation)", }, { status: "affected", version: "3.5 on Windows Server, version 1803 (Server Core Installation)", }, { status: "affected", version: "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "3.5.1 on Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "4.5.2 on Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "4.5.2 on Windows 8.1 for 32-bit systems", }, { status: "affected", version: "4.5.2 on Windows 8.1 for x64-based systems", }, { status: "affected", version: "4.5.2 on Windows RT 8.1", }, { status: "affected", version: "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "4.5.2 on Windows Server 2012", }, { status: "affected", version: "4.5.2 on Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "4.5.2 on Windows Server 2012 R2", }, { status: "affected", version: "4.5.2 on Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", }, { status: "affected", version: "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", }, { status: "affected", version: "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems", }, { status: "affected", version: "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2", }, { status: "affected", version: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)", }, { status: "affected", version: "4.7.2 on Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "4.7.2 on Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "4.7.2 on Windows Server, version 1803 (Server Core Installation)", }, { status: "affected", version: "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems", }, ], }, ], datePublic: "2018-07-10T00:00:00", descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \".NET Framework Remote Code Injection Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-11T09:57:01", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "104667", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104667", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284", }, { name: "1041257", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041257", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2018-8284", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft .NET Framework", version: { version_data: [ { version_value: "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, { version_value: "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, { version_value: "3.5 on Windows 10 for 32-bit Systems", }, { version_value: "3.5 on Windows 10 for x64-based Systems", }, { version_value: "3.5 on Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "3.5 on Windows 10 Version 1607 for x64-based Systems", }, { version_value: "3.5 on Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "3.5 on Windows 10 Version 1703 for x64-based Systems", }, { version_value: "3.5 on Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "3.5 on Windows 10 Version 1709 for x64-based Systems", }, { version_value: "3.5 on Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "3.5 on Windows 10 Version 1803 for x64-based Systems", }, { version_value: "3.5 on Windows 8.1 for 32-bit systems", }, { version_value: "3.5 on Windows 8.1 for x64-based systems", }, { version_value: "3.5 on Windows Server 2012", }, { version_value: "3.5 on Windows Server 2012 (Server Core installation)", }, { version_value: "3.5 on Windows Server 2012 R2", }, { version_value: "3.5 on Windows Server 2012 R2 (Server Core installation)", }, { version_value: "3.5 on Windows Server 2016", }, { version_value: "3.5 on Windows Server 2016 (Server Core installation)", }, { version_value: "3.5 on Windows Server, version 1709 (Server Core Installation)", }, { version_value: "3.5 on Windows Server, version 1803 (Server Core Installation)", }, { version_value: "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "3.5.1 on Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "4.5.2 on Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "4.5.2 on Windows 8.1 for 32-bit systems", }, { version_value: "4.5.2 on Windows 8.1 for x64-based systems", }, { version_value: "4.5.2 on Windows RT 8.1", }, { version_value: "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, { version_value: "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "4.5.2 on Windows Server 2012", }, { version_value: "4.5.2 on Windows Server 2012 (Server Core installation)", }, { version_value: "4.5.2 on Windows Server 2012 R2", }, { version_value: "4.5.2 on Windows Server 2012 R2 (Server Core installation)", }, { version_value: "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2", }, { version_value: "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", }, { version_value: "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", }, { version_value: "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", }, { version_value: "4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems", }, { version_value: "4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2", }, { version_value: "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)", }, { version_value: "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", }, { version_value: "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)", }, { version_value: "4.7.2 on Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "4.7.2 on Windows 10 Version 1803 for x64-based Systems", }, { version_value: "4.7.2 on Windows Server, version 1803 (Server Core Installation)", }, { version_value: "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \".NET Framework Remote Code Injection Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "104667", refsource: "BID", url: "http://www.securityfocus.com/bid/104667", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284", refsource: "CONFIRM", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284", }, { name: "1041257", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041257", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2018-8284", datePublished: "2018-07-11T00:00:00", dateReserved: "2018-03-14T00:00:00", dateUpdated: "2024-08-05T06:54:34.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0892 (GCVE-0-2020-0892)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft Office", vendor: "Microsoft", versions: [ { status: "affected", version: "2019 for 32-bit editions", }, { status: "affected", version: "2019 for 64-bit editions", }, { status: "affected", version: "2019 for Mac", }, { status: "affected", version: "2016 for Mac", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, ], }, { product: "Office 365 ProPlus", vendor: "Microsoft", versions: [ { status: "affected", version: "32-bit Systems", }, { status: "affected", version: "64-bit Systems", }, ], }, { product: "Microsoft Office Online Server", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft Word", vendor: "Microsoft", versions: [ { status: "affected", version: "2016 (32-bit edition)", }, { status: "affected", version: "2016 (64-bit edition)", }, { status: "affected", version: "2010 Service Pack 2 (32-bit editions)", }, { status: "affected", version: "2010 Service Pack 2 (64-bit editions)", }, { status: "affected", version: "2013 RT Service Pack 1", }, { status: "affected", version: "2013 Service Pack 1 (32-bit editions)", }, { status: "affected", version: "2013 Service Pack 1 (64-bit editions)", }, ], }, { product: "Microsoft Office Web Apps", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:55", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0892", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft Office", version: { version_data: [ { version_value: "2019 for 32-bit editions", }, { version_value: "2019 for 64-bit editions", }, { version_value: "2019 for Mac", }, { version_value: "2016 for Mac", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, ], }, }, { product_name: "Office 365 ProPlus", version: { version_data: [ { version_value: "32-bit Systems", }, { version_value: "64-bit Systems", }, ], }, }, { product_name: "Microsoft Office Online Server", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft Word", version: { version_data: [ { version_value: "2016 (32-bit edition)", }, { version_value: "2016 (64-bit edition)", }, { version_value: "2010 Service Pack 2 (32-bit editions)", }, { version_value: "2010 Service Pack 2 (64-bit editions)", }, { version_value: "2013 RT Service Pack 1", }, { version_value: "2013 Service Pack 1 (32-bit editions)", }, { version_value: "2013 Service Pack 1 (64-bit editions)", }, ], }, }, { product_name: "Microsoft Office Web Apps", version: { version_data: [ { version_value: "2010 Service Pack 2", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0892", datePublished: "2020-03-12T15:48:55", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0976 (GCVE-0-2020-0976)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.624Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-15T15:13:11", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0976", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0976", datePublished: "2020-04-15T15:13:11", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:18:03.624Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1227 (GCVE-0-2020-1227)
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:31:59.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-09-08T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T21:34:51.879Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1227", datePublished: "2020-09-11T17:09:09", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:31:59.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1260 (GCVE-0-2019-1260)
Vulnerability from cvelistv5
Published
2019-09-11 21:24
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Foundation |
Version: 2010 Service Pack 2 Version: 2013 Service Pack 1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:13:30.323Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, ], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-11T21:24:59", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1260", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1260", datePublished: "2019-09-11T21:24:59", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:13:30.323Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2019-1006 (GCVE-0-2019-1006)
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 10 Version 1703 for 32-bit Systems Version: 10 Version 1703 for x64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for ARM64-based Systems |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "8.1 for 32-bit systems", }, { status: "affected", version: "8.1 for x64-based systems", }, { status: "affected", version: "RT 8.1", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { status: "affected", version: "2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "2008 for 32-bit Systems Service Pack 2 (Core installation)", }, { status: "affected", version: "2012", }, { status: "affected", version: "2012 (Core installation)", }, { status: "affected", version: "2012 R2", }, { status: "affected", version: "2012 R2 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "2008 for x64-based Systems Service Pack 2 (Core installation)", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft .NET Framework 4.5.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 4.6", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows RT 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "1903", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft.IdentityModel", vendor: "Microsoft", versions: [ { status: "affected", version: "7.0.0", }, ], }, { product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016", }, { status: "affected", version: "Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016 (Server Core installation)", }, { status: "affected", version: "Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1703 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1803 (Server Core Installation)", }, ], }, { product: "Microsoft .NET Framework 3.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 2.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-15T18:56:20", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1006", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "7 for 32-bit Systems Service Pack 1", }, { version_value: "7 for x64-based Systems Service Pack 1", }, { version_value: "8.1 for 32-bit systems", }, { version_value: "8.1 for x64-based systems", }, { version_value: "RT 8.1", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { version_value: "2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "2008 for 32-bit Systems Service Pack 2 (Core installation)", }, { version_value: "2012", }, { version_value: "2012 (Core installation)", }, { version_value: "2012 R2", }, { version_value: "2012 R2 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "2008 for 32-bit Systems Service Pack 2", }, { version_value: "2008 for x64-based Systems Service Pack 2", }, { version_value: "2008 for x64-based Systems Service Pack 2 (Core installation)", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft .NET Framework 4.5.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6", version: { version_data: [ { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", version: { version_data: [ { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows RT 8.1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "1903", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft.IdentityModel", version: { version_data: [ { version_value: "7.0.0", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5", version: { version_data: [ { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, { version_value: "Windows Server 2016", }, { version_value: "Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "Windows 10 Version 1607 for x64-based Systems", }, { version_value: "Windows Server 2016 (Server Core installation)", }, { version_value: "Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "Windows 10 Version 1703 for x64-based Systems", }, { version_value: "Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "Windows 10 Version 1709 for x64-based Systems", }, { version_value: "Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "Windows 10 Version 1803 for x64-based Systems", }, { version_value: "Windows Server, version 1803 (Server Core Installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 3.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 2.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5.1", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1006", datePublished: "2019-07-15T18:56:20", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:06:31.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-16946 (GCVE-0-2020-16946)
Vulnerability from cvelistv5
Published
2020-10-16 22:18
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16946 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16946", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Enterprise Server 2016", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft SharePoint Foundation 2010 Service Pack 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SharePoint Foundation 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:20:19.582Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16946", }, ], title: "Microsoft Office SharePoint XSS Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16946", datePublished: "2020-10-16T22:18:00", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.672Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-0894 (GCVE-0-2020-0894)
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2025-02-28 20:11
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:18:03.432Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2020-0894", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-18T18:14:43.382637Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:11:41.031Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.", }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-12T15:48:56.000Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-0894", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Spoofing", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-0894", datePublished: "2020-03-12T15:48:56.000Z", dateReserved: "2019-11-04T00:00:00.000Z", dateUpdated: "2025-02-28T20:11:41.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2020-1439 (GCVE-0-2020-1439)
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:39
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-874/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2013 Service Pack 1 Version: 2016 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T06:39:10.465Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-874/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, { status: "affected", version: "2016", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, { status: "affected", version: "2010 Service Pack 2", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2013 Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T17:06:16", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-874/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2020-1439", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2013 Service Pack 1", }, { version_value: "2016", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, { version_value: "2010 Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2013 Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-20-874/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-20-874/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-1439", datePublished: "2020-07-14T22:54:44", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-04T06:39:10.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando el Microsoft SharePoint Server presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\"'.", }, ], id: "CVE-2020-1505", lastModified: "2024-11-21T05:10:42.480", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-08-17T19:15:16.943", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:09
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
<p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\"", }, ], id: "CVE-2020-1205", lastModified: "2024-11-21T05:09:58.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 2.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 2.5, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.620", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1205", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5147 | Not Applicable | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nvidia.custhelp.com/app/answers/detail/a_id/5147 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en Microsoft SharePoint Server cuando falla al identificar y filtrar apropiadamente los controles web ASP.Net no seguros, también se conoce como \"Microsoft SharePoint Server Remote Code Execution Vulnerability\".", }, ], id: "CVE-2020-1069", lastModified: "2024-11-21T05:09:41.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-21T23:15:12.947", references: [ { source: "secure@microsoft.com", tags: [ "Not Applicable", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://nvidia.custhelp.com/app/answers/detail/a_id/5147", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-09 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-100A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-100A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | groove_server | 2010 | |
| microsoft | infopath | 2010 | |
| microsoft | infopath | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "8B95E5BF-DD0E-4FD4-8462-3E3727B81B56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:infopath:2010:sp1:x64:*:*:*:*:*", matchCriteriaId: "5EAAEB2B-37E6-414E-9194-B43590997CAD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:infopath:2010:sp1:x86:*:*:*:*:*", matchCriteriaId: "1770E2C1-A935-4EDF-9F2E-89C08156BB0F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1 y Office Web Apps 2010 SP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una cadena hecha a mano, también conocido como \"HTML Sanitization Vulnerability\".", }, ], id: "CVE-2013-1289", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-04-09T22:55:01.110", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-100A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-035", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16599", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-12 14:29
Modified
2024-11-21 04:35
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | project_server | 2010 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0B02D845-F95D-44D7-AB4C-2E464C3AB783", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente creada para un servidor de SharePoint afectado, también se conoce como “Microsoft Office SharePoint XSS Vulnerability”. Este ID de CVE es diferente de CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.", }, ], id: "CVE-2019-1036", lastModified: "2024-11-21T04:35:53.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-12T14:29:03.617", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1036", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1514, CVE-2020-1575", }, ], id: "CVE-2020-1482", lastModified: "2024-11-21T05:10:39.207", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:20.980", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1482", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | lync | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | skype_for_business | 2015 | |
| microsoft | skype_for_business | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:lync:2013:*:*:*:*:*:*:*", matchCriteriaId: "57F4F185-8709-4846-B017-A09C7A0D58B8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:skype_for_business:2015:cumulative_update_8:*:*:*:*:*:*", matchCriteriaId: "9CE0C9B4-FCB1-4A31-84DA-09756C93FDAD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:skype_for_business:2019:cumulative_update_2:*:*:*:*:*:*", matchCriteriaId: "38ABD417-45D5-4212-BC19-929B71E6D1D2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando Microsoft SharePoint Server y Skype for Business Server manejan inapropiadamente la comprobación de del token de OAuth, también se conoce como \"Microsoft Office Elevation of Privilege Vulnerability\"", }, ], id: "CVE-2020-1025", lastModified: "2024-11-21T05:09:35.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:11.447", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.", }, { lang: "es", value: "Hay una vulnerabilidad de \"spoofing\" cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.", }, ], id: "CVE-2020-0975", lastModified: "2024-11-21T04:54:34.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:18.497", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-13 01:15
Modified
2025-02-28 21:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-1225/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-1225/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-41344", }, ], id: "CVE-2021-40487", lastModified: "2025-02-28T21:15:18.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-10-13T01:15:12.190", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1225/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1225/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034976 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2016 | |
| microsoft | excel_for_mac | 2011 | |
| microsoft | excel_for_mac | 2016 | |
| microsoft | excel_viewer | * | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "94F5E2F8-0D37-4FCC-B55A-9F09C421272C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*", matchCriteriaId: "E28626D8-AF3A-487F-BAAB-3955E44D2A35", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F564117D-450D-45C4-9688-AF35F630A8A7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:*:*", matchCriteriaId: "09BF0981-749E-470B-A7AC-95AD087797EF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "0FF929F6-6551-4358-AFBE-3495E8DC7BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "0C6BEA4C-18FE-48D1-86AB-670833528150", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "971EC323-267F-4DAF-BA3B-10A47A9F1ADA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "C3E93E7B-E61E-4755-8AE8-C333E6144655", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel para Mac 2011, Excel 2016 para Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services en SharePoint Server 2007 SP3, Excel Services en SharePoint Server 2010 SP2, Excel Services en SharePoint Server 2013 SP1 y Office Web Apps 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-0054", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-10T11:59:18.643", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1034976", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-09 17:15
Modified
2024-11-21 06:45
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server", }, ], id: "CVE-2022-22005", lastModified: "2024-11-21T06:45:52.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, ], }, published: "2022-02-09T17:15:09.893", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22005", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios en Microsoft SharePoint, también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability\".", }, ], id: "CVE-2019-1260", lastModified: "2024-11-21T04:36:21.400", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:16.647", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1260", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft SharePoint. Este ID de CVE es diferente de CVE-2020-17118", }, ], id: "CVE-2020-17121", lastModified: "2024-11-21T05:07:51.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:14.730", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es único de CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320", }, ], id: "CVE-2020-1298", lastModified: "2025-02-28T20:15:37.063", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-06-09T20:15:19.663", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1298", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-15 19:15
Modified
2024-11-21 04:35
Severity ?
Summary
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_server_2019 | - | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.8 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | identitymodel | 7.0.0 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1903 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 1803 | |
| microsoft | windows_server_2016 | 1903 | |
| microsoft | windows_server_2019 | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", matchCriteriaId: "B320A104-9037-487E-BC9A-62B4A6B49FD0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", matchCriteriaId: "2D3F18AF-84ED-473B-A8DF-65EB23C475AF", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:identitymodel:7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F9EE6484-D1D2-42B0-B09D-9A4FED158C6A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", matchCriteriaId: "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*", matchCriteriaId: "B320A104-9037-487E-BC9A-62B4A6B49FD0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", matchCriteriaId: "CAACE735-003E-4ACB-A82E-C0CF97D7F013", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", matchCriteriaId: "5B921FDB-8E7D-427E-82BE-4432585080CF", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de omisión de autenticación en Windows Communication Foundation (WCF) y Windows Identity Foundation (WIF), permitiendo la firma de tokens SAML con claves simétricas arbitrarias, también se conoce como \"WCF/WIF SAML Token Authentication Bypass Vulnerability\".", }, ], id: "CVE-2019-1006", lastModified: "2024-11-21T04:35:49.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-15T19:15:16.390", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, { lang: "es", value: "Hay una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software falla al comprobar la marcación del origen de un paquete de aplicaciones, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], id: "CVE-2020-0920", lastModified: "2024-11-21T04:54:27.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:15.713", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-11 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1031896 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031896 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | office_web_apps_server | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | powerpoint | 2007 | |
| microsoft | powerpoint | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | web_applications | 2010 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "94F5E2F8-0D37-4FCC-B55A-9F09C421272C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*", matchCriteriaId: "E28626D8-AF3A-487F-BAAB-3955E44D2A35", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*", matchCriteriaId: "3C4CFF7E-7170-4A6B-9A59-9815EE896C62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "971EC323-267F-4DAF-BA3B-10A47A9F1ADA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "BB0CF266-A7EE-474A-B3D3-4A7FE33F4C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*", matchCriteriaId: "DC25ACD6-8F48-4534-AF7B-53F0D10C0843", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:*:*:*:gold:*:*:*", matchCriteriaId: "F4C9D0D2-4D72-4712-8056-9EDDF741723B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:*:*:*:rt_gold:*:*:*", matchCriteriaId: "6DF78996-DFB3-4102-9E98-FF2B56FB67B1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "84149DF3-54BA-4738-9386-6C29B4E9448F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:gold:*:*:*", matchCriteriaId: "8252ABD2-4FC5-4C7F-9A73-625B47EA980B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "AE2E98C5-71A4-4014-AFC4-5438FEC196D2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9CCB2D72-B779-4772-8F72-7177E3F47A92", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:-:-:*:gold:*:*:*", matchCriteriaId: "A9626946-8339-4E06-BBF6-904D0ACC5ACF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*", matchCriteriaId: "90DBE271-001E-4783-86F5-E14977F95F13", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp3:*:*:*:*:*:*", matchCriteriaId: "70F505C4-2D2D-4336-95C0-78644F2C5636", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "AC93E283-E88A-41F1-90B6-CD256FF02F11", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:*:*:*:gold:*:*:*", matchCriteriaId: "E625EEC9-52BF-49F9-BD10-CA1E2FF0B227", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:*:*:*:rt_gold:*:*:*", matchCriteriaId: "004A33A3-2DE6-4DEE-9350-BE0C233F4A51", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold and SP1, Office 2013 RT Gold and SP1, Word 2013 RT Gold and SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold and SP1, Word Automation Services on SharePoint Server 2013 Gold and SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold and SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Component Use After Free Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de uso después de liberación en Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold and SP1, Word 2013 Gold y SP1, Office 2013 RT Gold y SP1, Word 2013 RT Gold y SP1, Excel Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Excel Services on SharePoint Server 2013 Gold y SP1, Word Automation Services on SharePoint Server 2013 Gold y SP1, Web Applications 2010 SP2, Office Web Apps Server 2010 SP2, Web Apps Server 2013 Gold y SP1, SharePoint Server 2007 SP3, Windows SharePoint Services 3.0 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold y SP1, y SharePoint Server 2013 Gold y SP1 permite a atacantes remotos ejecutar código arbitrario a través de un documento de Office manipulado, también conocido como 'vulnerabilidad del uso después de liberación de componentes de Microsoft Office.'", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", id: "CVE-2015-0085", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-03-11T10:59:12.533", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1031896", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031896", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-08 23:15
Modified
2024-11-21 06:06
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html | Exploit, Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-31948, CVE-2021-31964", }, ], id: "CVE-2021-31950", lastModified: "2024-11-21T06:06:34.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-06-08T23:15:08.697", references: [ { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31950", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-14 18:15
Modified
2024-11-21 06:10
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-830/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-830/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Divulgación de Información de Microsoft SharePoint Server", }, ], id: "CVE-2021-34519", lastModified: "2024-11-21T06:10:35.510", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 2.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.4, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-07-14T18:15:12.223", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-830/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-830/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint. Este ID de CVE es diferente de CVE-2021-1717", }, ], id: "CVE-2021-1641", lastModified: "2024-11-21T05:44:47.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 2.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:30.337", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1641", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-13 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"SharePoint Directory Traversal Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en Microsoft SharePoint Server 2010 SP1 y SharePoint Foundation 2010 SP1, permite a atacantes remotos evitar las restricciones de acceso a lectura establecidas para los contenidos y secuestrar las cuentas de usuarios a través de una URL manipulada. Aka \"SharePoint Directory Traversal Vulnerability.\"", }, ], id: "CVE-2013-0084", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-13T00:55:01.217", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16445", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-12 19:15
Modified
2024-11-21 04:36
Severity ?
Summary
An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información en Microsoft SharePoint cuando un atacante carga un archivo especialmente diseñado en el servidor de SharePoint. Un atacante autenticado que explotó con éxito esta vulnerabilidad podría aprovechar potencialmente la funcionalidad de SharePoint para obtener hashes SMB. La actualización de seguridad aborda la vulnerabilidad al corregir la forma en que SharePoint comprueba el contenido del archivo, también se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\".", }, ], id: "CVE-2019-1443", lastModified: "2024-11-21T04:36:42.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-12T19:15:15.660", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318", }, ], id: "CVE-2020-1320", lastModified: "2025-02-28T20:15:37.373", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-06-09T20:15:21.193", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1320", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:44
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 20h2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_10 | 1809 | |
| microsoft | windows_10 | 1909 | |
| microsoft | windows_10 | 2004 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | - | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | - | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | - | |
| microsoft | windows_server_2016 | 20h2 | |
| microsoft | windows_server_2016 | 1909 | |
| microsoft | windows_server_2016 | 2004 | |
| microsoft | windows_server_2019 | - | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", matchCriteriaId: "9E2C378B-1507-4C81-82F6-9F599616845A", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", matchCriteriaId: "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", matchCriteriaId: "E9273B95-20ED-4547-B0A8-95AD15B30372", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", matchCriteriaId: "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", matchCriteriaId: "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", matchCriteriaId: "4A190388-AA82-4504-9D5A-624F23268C9F", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", matchCriteriaId: "C253A63F-03AB-41CB-A03A-B2674DEA98AA", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", matchCriteriaId: "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", vulnerable: true, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", matchCriteriaId: "DB79EE26-FC32-417D-A49C-A1A63165A968", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint", }, ], id: "CVE-2021-1726", lastModified: "2024-11-21T05:44:58.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:13.553", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:59
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Microsoft SharePoint Denial of Service Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Denial of Service Vulnerability", }, { lang: "es", value: "Una Actualización de una Denegación de Servicio de Microsoft SharePoint", }, ], id: "CVE-2021-28450", lastModified: "2024-11-21T05:59:41.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 1.4, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-04-13T20:15:20.140", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28450", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28450", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-09-09 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1033489 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033489 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka \"Microsoft SharePoint XSS Spoofing Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft SharePoint Foundation 2013 SP1, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un contenido manipulado, también conocida como 'Microsoft SharePoint XSS Spoofing Vulnerability.'", }, ], id: "CVE-2015-2522", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-09-09T00:59:34.287", references: [ { source: "secure@microsoft.com", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1033489", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1033489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-099", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-16946", }, ], id: "CVE-2020-16945", lastModified: "2024-11-21T05:07:29.003", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 5.8, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:15.960", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16945", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16945", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-13 19:15
Modified
2024-11-21 07:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint", }, ], id: "CVE-2022-35823", lastModified: "2024-11-21T07:11:45.567", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2022-09-13T19:15:11.083", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35823", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>
<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>
<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>\n<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>\n<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando Microsoft SharePoint Server divulga inapropiadamente su estructura de carpetas al renderizar páginas web específicas, también se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\". Este ID de CVE es diferente de CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953", }, ], id: "CVE-2020-16942", lastModified: "2024-11-21T05:07:28.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:15.820", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-09 22:15
Modified
2024-11-21 07:22
Severity ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Vulnerabilidad de suplantación de identidad de Microsoft SharePoint Server", }, ], id: "CVE-2022-41122", lastModified: "2024-11-21T07:22:39.850", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-11-09T22:15:25.067", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41122", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka \"Editform Script Injection Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en EditForm.aspx en Microsoft Office SharePoint Server 2010 y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un mensaje. Es un problema también conocido como \"Vulnerabilidad de inyección en el script EditForm.\"", }, ], id: "CVE-2011-1890", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-09-15T12:26:48.587", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-14 12:29
Modified
2024-11-21 04:13
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104317 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041106 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104317 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041106 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" Esto afecta a Microsoft SharePoint. El ID de este CVE es diferente de CVE-2018-8254.", }, ], id: "CVE-2018-8252", lastModified: "2024-11-21T04:13:30.280", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-14T12:29:02.663", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104317", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041106", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104317", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8252", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.", }, { lang: "es", value: "Hay una vulnerabilidad de \"spoofing\" cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.", }, ], id: "CVE-2020-0976", lastModified: "2024-11-21T04:54:34.750", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:18.557", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320", }, ], id: "CVE-2020-1183", lastModified: "2025-02-28T20:15:36.723", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-06-09T20:15:13.240", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1183", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>
<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>
<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p>\n<p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p>\n<p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando Microsoft SharePoint Server divulga inapropiadamente su estructura de carpetas al renderizar páginas web específicas, también se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\". Este ID de CVE es diferente de CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953", }, ], id: "CVE-2020-16941", lastModified: "2024-11-21T05:07:28.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:15.757", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>\n<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando Microsoft SharePoint Server presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\". Este ID de CVE es diferente de CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950", }, ], id: "CVE-2020-16953", lastModified: "2024-11-21T05:07:30.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:16.383", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16953", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Ejecución Remota de Código de Microsoft SharePoint", }, ], id: "CVE-2020-17061", lastModified: "2024-11-21T05:07:44.100", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-11-11T07:15:17.247", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_designer | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "304608B5-63CB-4F95-9C5B-2D5EFA83BC36", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-16945", }, ], id: "CVE-2020-16946", lastModified: "2024-11-21T05:07:29.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 5.8, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:16.023", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16946", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16946", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-09 19:29
Modified
2024-11-21 04:13
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104047 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040856 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104047 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040856 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" Esto afecta a Microsoft SharePoint. El ID de este CVE es diferente de CVE-2018-8149, CVE-2018-8156 y CVE-2018-8168.", }, ], id: "CVE-2018-8155", lastModified: "2024-11-21T04:13:21.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-09T19:29:02.353", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104047", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040856", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104047", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040856", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8155", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:57
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-276/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-276/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | business_productivity_servers | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:business_productivity_servers:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0CC3B020-7F19-49D5-8034-567E379C6CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server", }, ], id: "CVE-2021-27076", lastModified: "2024-11-21T05:57:18.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-03-11T16:15:18.190", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-276/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-276/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-12 14:29
Modified
2024-11-21 04:35
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | project_server | 2010 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0B02D845-F95D-44D7-AB4C-2E464C3AB783", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente creada para un servidor de SharePoint afectado, también se conoce como “Microsoft Office SharePoint XSS Vulnerability”. Este ID de CVE es diferente de CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.", }, ], id: "CVE-2019-1033", lastModified: "2024-11-21T04:35:53.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-12T14:29:03.510", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1033", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-14 01:29
Modified
2024-11-21 04:14
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105831 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105831 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" Esto afecta a Microsoft SharePoint Server y Microsoft SharePoint. El ID de este CVE es diferente de CVE-2018-8568.", }, ], id: "CVE-2018-8572", lastModified: "2024-11-21T04:14:03.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-14T01:29:01.677", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105831", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:09
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-20-694/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-694/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint Server cuando no puede identificar y filtrar apropiadamente los controles web ASP.Net no seguros, también se conoce como \"Microsoft SharePoint Server Remote Code Execution Vulnerability\"", }, ], id: "CVE-2020-1181", lastModified: "2024-11-21T05:09:55.307", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-09T20:15:13.163", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-694/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-694/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-13 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka \"Buffer Size Validation Vulnerability.\"", }, { lang: "es", value: "Microsoft OneNote 2010 SP1 no determina adecuadamente los tamaños de buffer durante la ubicación de memoria, lo que permite a atacantes remotos obtener información sensible a través de un archivo OneNote, aka \"Buffer Size Validation Vulnerability.\"", }, ], id: "CVE-2013-0086", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-13T00:55:01.247", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-15 19:15
Modified
2024-11-21 06:50
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de suplantación de identidad de Microsoft SharePoint Server", }, ], id: "CVE-2022-24472", lastModified: "2024-11-21T06:50:29.357", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2022-04-15T19:15:09.850", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24472", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-11 16:15
Modified
2024-11-21 05:52
Severity ?
4.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint", }, ], id: "CVE-2021-24104", lastModified: "2024-11-21T05:52:21.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.5, impactScore: 2.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-03-11T16:15:13.550", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24104", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, { lang: "es", value: "Vulnerabilidad de divulgación de información de Microsoft SharePoint Este ID de CVE es diferente de CVE-2020-16979", }, ], id: "CVE-2020-17017", lastModified: "2024-11-21T05:07:38.317", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 6.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-11-11T07:15:14.590", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17017", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-11 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1031895 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031895 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*", matchCriteriaId: "90DBE271-001E-4783-86F5-E14977F95F13", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:-:-:*:gold:*:*:*", matchCriteriaId: "A9626946-8339-4E06-BBF6-904D0ACC5ACF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft SharePoint Foundation 2013 Gold y SP1 y SharePoint Server 2013 Gold y SP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de una solicitud manipulada, también conocido como 'vulnerabilidad de XSS de Microsoft SharePoint.'", }, ], id: "CVE-2015-1636", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-03-11T10:59:37.350", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1031895", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Microsoft SharePoint Spoofing Este ID de CVE es diferente de CVE-2020-17015, CVE-2020-17060", }, ], id: "CVE-2020-17016", lastModified: "2024-11-21T05:07:38.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-11-11T07:15:14.530", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17016", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17016", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 21:29
Modified
2025-02-28 21:15
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente creada para un servidor de SharePoint afectado, también se conoce como “Microsoft Office SharePoint XSS Vulnerability”. Este ID de CVE es diferente de CVE-2019-0830.", }, ], id: "CVE-2019-0831", lastModified: "2025-02-28T21:15:13.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-04-09T21:29:01.693", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0831", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Divulgación de Información de Microsoft SharePoint Este ID de CVE es diferente de CVE-2020-17017", }, ], id: "CVE-2020-16979", lastModified: "2024-11-21T05:07:33.463", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-11-11T07:15:12.513", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16979", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16979", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-08 23:15
Modified
2024-11-21 06:06
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Divulgación de Información en Microsoft SharePoint Server", }, ], id: "CVE-2021-31965", lastModified: "2024-11-21T06:06:37.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-06-08T23:15:09.057", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31965", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p>
<p>An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions, delete content, steal sensitive information (such as browser cookies) and inject malicious content in the browser of the victim.</p>
<p>For this vulnerability to be exploited, a user must click a specially crafted URL that takes the user to a targeted SharePoint Web App site.</p>
<p>In an email attack scenario, an attacker could exploit the vulnerability by sending an email message containing the specially crafted URL to the user of the targeted SharePoint Web App site and convincing the user to click the specially crafted URL.</p>
<p>In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted URL to the targeted SharePoint Web App site that is used to attempt to exploit these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an instant messenger or email message that takes them to the attacker's website, and then convince them to click the specially crafted URL.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.</p>\n<p>An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions, delete content, steal sensitive information (such as browser cookies) and inject malicious content in the browser of the victim.</p>\n<p>For this vulnerability to be exploited, a user must click a specially crafted URL that takes the user to a targeted SharePoint Web App site.</p>\n<p>In an email attack scenario, an attacker could exploit the vulnerability by sending an email message containing the specially crafted URL to the user of the targeted SharePoint Web App site and convincing the user to click the specially crafted URL.</p>\n<p>In a web-based attack scenario, an attacker would have to host a website that contains a specially crafted URL to the targeted SharePoint Web App site that is used to attempt to exploit these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an instant messenger or email message that takes them to the attacker's website, and then convince them to click the specially crafted URL.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.</p>\n", }, { lang: "es", value: "Esta vulnerabilidad se produce cuando SharePoint Server no sanea apropiadamente una petición especialmente diseñada para un servidor de SharePoint afectado. Un atacante autenticado podría explotar esta vulnerabilidad mediante el envío de una petición especialmente diseñada a un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Reflective XSS Vulnerability\"", }, ], id: "CVE-2020-16944", lastModified: "2024-11-21T05:07:28.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 5.8, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:15.913", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16944", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16944", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 | Exploit | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 | Vendor Advisory | |
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2003 | |
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel | 2013 | |
| microsoft | excel_viewer | * | |
| microsoft | office | 2011 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "CEBB33CD-CACF-4EB8-8B5F-8E1CB8D7A440", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "94F5E2F8-0D37-4FCC-B55A-9F09C421272C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "96EBA20F-201E-43AA-9F83-B73FB31696C6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:x86:*:*", matchCriteriaId: "3C4CFF7E-7170-4A6B-9A59-9815EE896C62", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:*:*", matchCriteriaId: "0390EFCA-87B4-42D6-817A-603765F49816", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:*:x64:*", matchCriteriaId: "08795370-2A25-4F0D-970D-9B087F980BBD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:*:*:*:*:x86:*:*", matchCriteriaId: "78F27907-6FAB-4A9D-B100-B3D170520A74", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "971EC323-267F-4DAF-BA3B-10A47A9F1ADA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2011:*:mac:*:*:*:*:*", matchCriteriaId: "0D84FC39-29AA-4EF2-ACE7-E72635126F2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "D133FB73-C7F6-481C-B050-C242C771ED21", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", matchCriteriaId: "858F70F4-3128-477D-ACAA-73F0AFA23A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "55C05DB1-03DC-454B-85E5-715938F0E13E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Server 2007 SP3, 2010 SP1 y SP2, y 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 y SP2, 2013, y 2013 RT; Office para Mac 2011; Excel Viewer; y Office Compatibility Pack SP3 permiten a un atacante remoto ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria), a través de un documento Office manipulado, tambien conocida como \"Vulnerabilidad de Corrupción de Memoria en Microsoft Office\".", }, ], id: "CVE-2013-1315", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.027", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { source: "secure@microsoft.com", tags: [ "Exploit", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18950", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-05-14 11:13
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/67288 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1030227 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67288 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030227 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps_server | 2013 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server_client_components_sdk | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:*:*:*:*:*:*:*", matchCriteriaId: "1406756C-F15D-4AF8-A8BD-3ED7DF1E427D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "993E5C5C-4C78-4CDA-BF67-5A35814EF621", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_client_components_sdk:2013:*:*:*:*:*:*:*", matchCriteriaId: "AAF4913D-2820-4AE2-8C83-EB11E29E25FE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft SharePoint Server 2013 Gold y SP1, SharePoint Foundation 2013 Gold y SP1, Office Web Apps Server 2013 Gold y SP1 y SharePoint Server 2013 Client Components SDK permite a atacantes remotos enyectar secuencias de comandos web o HTML arbitrarios a través de una solicitud manipulada, también conocido como 'vulnerabilidad de XSS de SharePoint.'", }, ], id: "CVE-2014-1754", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-05-14T11:13:06.147", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/67288", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1030227", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/67288", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1030227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.", }, { lang: "es", value: "Hay una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.", }, ], id: "CVE-2020-0978", lastModified: "2025-02-28T20:15:35.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-04-15T15:15:18.683", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es único de CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320", }, ], id: "CVE-2020-1297", lastModified: "2025-02-28T20:15:36.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-06-09T20:15:19.600", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1297", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-14 21:15
Modified
2024-11-21 04:36
Severity ?
Summary
An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.
To exploit this vulnerability, the attacker could run a specially crafted application.
The security update corrects how SharePoint handles session objects to prevent user session hijacking.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.\nTo exploit this vulnerability, the attacker could run a specially crafted application.\nThe security update corrects how SharePoint handles session objects to prevent user session hijacking.\n", }, { lang: "es", value: "Existe una vulnerabilidad de divulgación de información en la manera en que Microsoft SharePoint maneja los objetos de sesión, también se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\".", }, ], id: "CVE-2019-1202", lastModified: "2024-11-21T04:36:14.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-14T21:15:18.033", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-13 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2016-0011.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034653 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034653 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka \"Microsoft SharePoint Security Feature Bypass,\" a different vulnerability than CVE-2016-0011.", }, { lang: "es", value: "Microsoft SharePoint Server 2013 SP1 y SharePoint Foundation 2013 SP1 permiten a usuarios remotos autenticados eludir las restricciones destinadas al Access Control Policy y llevar a cabo ataques de XSS mediante la modificación de un elemento web, también conocido como \"Microsoft SharePoint Security Feature Bypass,\" una vulnerabilidad diferente a CVE-2016-0011.", }, ], id: "CVE-2015-6117", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-13T05:59:00.120", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1034653", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-14 18:15
Modified
2024-11-21 06:10
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad en Microsoft SharePoint Server", }, ], id: "CVE-2021-34517", lastModified: "2024-11-21T06:10:35.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-07-14T18:15:12.157", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34517", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-16 21:15
Modified
2024-11-21 06:10
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-34468, CVE-2021-34520", }, ], id: "CVE-2021-34467", lastModified: "2024-11-21T06:10:28.543", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-07-16T21:15:10.103", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34467", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "55C05DB1-03DC-454B-85E5-715938F0E13E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad XSS en Microsoft SharePoint Server 2007 SP3, 2010 SP1 y SP2, y 2013 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de una petición manipulada. Aka \"SharePoint XSS Vulnerability.\"", }, ], id: "CVE-2013-3179", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.127", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server", }, ], id: "CVE-2021-1707", lastModified: "2024-11-21T05:44:56.597", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:34.230", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1707", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | business_productivity_servers | 2010 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:business_productivity_servers:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0CC3B020-7F19-49D5-8034-567E379C6CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, { lang: "es", value: "Hay una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software da un fallo al comprobar la marcación del origen de un paquete de aplicaciones, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], id: "CVE-2020-0931", lastModified: "2024-11-21T04:54:29.230", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:16.183", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad en Microsoft SharePoint cuando maneja inapropiadamente peticiones para autorizar aplicaciones, resultando en un problema de tipo cross-site request forgery (CSRF). Para explotar esta vulnerabilidad, un atacante necesitaría crear una página específicamente diseñada para causar una petición de tipo cross-site, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2019-1259.", }, ], id: "CVE-2019-1261", lastModified: "2024-11-21T04:36:21.513", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:16.697", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1261", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | sharepoint_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*", matchCriteriaId: "CF40F903-0026-4673-89A3-6F889D877E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*", matchCriteriaId: "376C9A84-74B1-4717-B88E-153ADD7D686D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka \"Contact Details Reflected XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Windows SharePoint Services 3.0 SP2, y SharePoint Server 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados en una solicitud a un script. Es un problema también conocido como \"Vulnerabilidad de XSS de Detalles de Contacto reflejados\".", }, ], id: "CVE-2011-1891", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-09-15T12:26:48.617", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12864", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 19:15
Modified
2025-02-28 20:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Information Disclosure Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Divulgación de Información de Microsoft SharePoint Server", }, ], id: "CVE-2021-31173", lastModified: "2025-02-28T20:15:38.377", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-05-11T19:15:09.560", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2015-10-14 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033804 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033804 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka \"Microsoft SharePoint Security Feature Bypass Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft SharePoint Server 2013 SP1 y SharePoint Foundation 2013 SP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de contenido manipulado en una instancia Office Marketplace, también conocida como 'Microsoft SharePoint Security Feature Bypass Vulnerability'.", }, ], id: "CVE-2015-6039", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-10-14T01:59:15.200", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033804", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514", }, ], id: "CVE-2020-1575", lastModified: "2024-11-21T05:10:52.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:21.463", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1575", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.", }, { lang: "es", value: "Existe una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.", }, ], id: "CVE-2020-1100", lastModified: "2025-02-28T20:15:36.073", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-05-21T23:15:14.257", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 19:15
Modified
2025-02-28 21:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-573/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-573/ | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://packetstorm.news/files/id/163208 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint", }, ], id: "CVE-2021-31181", lastModified: "2025-02-28T21:15:17.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-05-11T19:15:09.837", references: [ { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-573/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-573/", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", url: "https://packetstorm.news/files/id/163208", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2010-09-17 18:00
Modified
2025-04-11 00:51
Severity ?
Summary
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html | Exploit | |
| secure@microsoft.com | http://support.avaya.com/css/P8/documents/100113324 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA10-285A.html | US Government Resource | |
| secure@microsoft.com | http://www.wooyun.org/bug.php?action=view&id=189 | Exploit | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/css/P8/documents/100113324 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA10-285A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.wooyun.org/bug.php?action=view&id=189 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | groove_server | 2010 | |
| microsoft | internet_explorer | 8 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | web_apps | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:groove_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "47B43F05-40AE-4D98-8B5D-A06BF10FE337", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", matchCriteriaId: "A52E757F-9B41-43B4-9D67-3FEDACA71283", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "9C24FB09-DBAD-4F62-BBD6-B81B9EC83D56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*", matchCriteriaId: "CF40F903-0026-4673-89A3-6F889D877E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:web_apps:*:*:*:*:*:*:*:*", matchCriteriaId: "C0C3E211-B6EF-4DF8-A88F-46427DDB8ED6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka \"HTML Sanitization Vulnerability,\" a different vulnerability than CVE-2010-1257.", }, { lang: "es", value: "La función toStaticHTML en Internet Explorer 8 de Microsoft y la función SafeHTML en Windows SharePoint Services versión 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010 y Office Web Apps de Microsoft, permite a los atacantes remotos omitir el mecanismo de protección de cross-site scripting (XSS) y conducir ataques de tipo XSS por medio de un uso especialmente diseñado de la regla @import de Hojas de Estilo en Cascada (CSS), también se conoce como \"HTML Sanitization Vulnerability\", una vulnerabilidad diferente de CVE-2010-1257.", }, ], id: "CVE-2010-3324", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-09-17T18:00:03.290", references: [ { source: "secure@microsoft.com", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html", }, { source: "secure@microsoft.com", url: "http://support.avaya.com/css/P8/documents/100113324", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { source: "secure@microsoft.com", tags: [ "Exploit", ], url: "http://www.wooyun.org/bug.php?action=view&id=189", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/css/P8/documents/100113324", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-285A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.wooyun.org/bug.php?action=view&id=189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:52
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server", }, ], id: "CVE-2021-24072", lastModified: "2024-11-21T05:52:17.443", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:14.477", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24072", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta un fallo al comprobar el código fuente de un paquete de aplicación, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1576, CVE-2020-1595", }, ], id: "CVE-2020-1453", lastModified: "2024-11-21T05:10:34.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:20.793", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-494", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2025-02-28 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, { lang: "es", value: "Hay una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], id: "CVE-2020-0933", lastModified: "2025-02-28T21:15:16.473", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-04-15T15:15:16.293", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-13 01:15
Modified
2024-11-21 06:24
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad en Microsoft SharePoint. Este ID de CVE es diferente de CVE-2021-40483", }, ], id: "CVE-2021-40484", lastModified: "2024-11-21T06:24:13.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-10-13T01:15:11.983", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40484", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:52
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Divulgación de Información de Microsoft SharePoint", }, ], id: "CVE-2021-24071", lastModified: "2024-11-21T05:52:17.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:14.413", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2024-11-21 04:17
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0950.", }, { lang: "es", value: "Existe una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no desinfecta correctamente una solicitud web especialmente diseñada para un servidor de SharePoint afectado, también conocido como \"Vulnerabilidad de suplantación de identidad de Microsoft SharePoint\". Este ID de CVE es único de CVE-2019-0949, CVE-2019-0950.", }, ], id: "CVE-2019-0951", lastModified: "2024-11-21T04:17:34.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T19:29:04.257", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0951", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta un fallo al comprobar el código fuente de un paquete de aplicación, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-16951", }, ], id: "CVE-2020-16952", lastModified: "2024-11-21T05:07:29.917", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:16.320", references: [ { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-346", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://packetstormsecurity.com/files/154591/Microsoft-SharePoint-2013-SP1-Cross-Site-Scripting.html | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154591/Microsoft-SharePoint-2013-SP1-Cross-Site-Scripting.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\".", }, ], id: "CVE-2019-1262", lastModified: "2024-11-21T04:36:21.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:16.757", references: [ { source: "secure@microsoft.com", url: "http://packetstormsecurity.com/files/154591/Microsoft-SharePoint-2013-SP1-Cross-Site-Scripting.html", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/154591/Microsoft-SharePoint-2013-SP1-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1262", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-11 07:15
Modified
2024-11-21 05:07
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Vulnerabilidad de Microsoft SharePoint Spoofing Este ID de CVE es diferente de CVE-2020-17016, CVE-2020-17060", }, ], id: "CVE-2020-17015", lastModified: "2024-11-21T05:07:38.063", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-11-11T07:15:14.467", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17015", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-03-11 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1031895 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031895 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:-:-:*:gold:*:*:*", matchCriteriaId: "A9626946-8339-4E06-BBF6-904D0ACC5ACF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*", matchCriteriaId: "90DBE271-001E-4783-86F5-E14977F95F13", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold y SP1, y SharePoint Server 2013 Gold y SP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de una solicitud manipulada, también conocido como 'vulnerabilidad de XSS de Microsoft SharePoint.'", }, ], id: "CVE-2015-1633", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-03-11T10:59:35.833", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1031895", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107.", }, { lang: "es", value: "Existe una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2020-1105, CVE-2020-1107.", }, ], id: "CVE-2020-1104", lastModified: "2024-11-21T05:09:45.337", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-21T23:15:14.557", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2024-11-21 04:17
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en Microsoft SharePoint Server cuando falla la identificación y filtrado apropiado de los controles web de ASP.Net no seguros, también se conoce como \"Microsoft SharePoint Server Remote Code Execution Vulnerability\".", }, ], id: "CVE-2019-0952", lastModified: "2024-11-21T04:17:34.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T19:29:04.317", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0952", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad cuando el Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2020-1499, CVE-2020-1500.", }, ], id: "CVE-2020-1501", lastModified: "2024-11-21T05:10:41.990", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-17T19:15:16.710", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1501", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 19:15
Modified
2025-02-28 21:15
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint. Este ID de CVE es diferente de CVE-2021-28478, CVE-2021-31172", }, ], id: "CVE-2021-26418", lastModified: "2025-02-28T21:15:16.953", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 2.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-05-11T19:15:08.793", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-290", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-10 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-192A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-192A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Script in Username Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft SharePoint Server 2010 Gold y SP1, SharePoint Foundation 2010 Gold y SP1, y Office Web Apps 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de elementos JavaScript en una URL, también conocido como \"SharePoint Script in Username Vulnerability.\"", }, ], id: "CVE-2012-1861", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-07-10T21:55:05.917", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15544", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka \"POST XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de cross-site scripting (XSS) en Microsoft SharePoint Server 2010 SP1 y SP2 y 2013 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de una petición POST manipulada, también conocido como \"Vulnerabilidad POST XSS\".", }, ], id: "CVE-2013-3180", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.133", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19136", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-15 15:15
Modified
2024-11-21 06:27
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*", matchCriteriaId: "FA51E2C8-321F-454B-A9C1-060885C1F892", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-42309", }, ], id: "CVE-2021-42294", lastModified: "2024-11-21T06:27:32.713", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-15T15:15:08.887", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1198, CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1575", }, ], id: "CVE-2020-1514", lastModified: "2024-11-21T05:10:43.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:21.247", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1514", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_designer | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "304608B5-63CB-4F95-9C5B-2D5EFA83BC36", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross site scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1580.", }, ], id: "CVE-2020-1573", lastModified: "2024-11-21T05:10:52.417", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-08-17T19:15:21.023", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1573", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-20-1398/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-1398/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.", }, { lang: "es", value: "Hay una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software da un fallo al comprobar la marcación del origen de un paquete de aplicaciones, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.", }, ], id: "CVE-2020-0971", lastModified: "2024-11-21T04:54:34.200", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:18.293", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información donde determinados modos de la función search en Microsoft SharePoint Server son vulnerables a ataques de tipo cross-site search (una variante de cross-site request forgery, CSRF). Cuando los usuarios inician sesión simultáneamente en Microsoft SharePoint Server y visitan un página web maliciosa, el atacante puede, por medio de la funcionalidad standard browser, inducir al navegador a invocar consultas de búsqueda como el usuario registrado, también se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\".", }, ], id: "CVE-2020-1103", lastModified: "2024-11-21T05:09:45.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-21T23:15:14.477", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-08 23:15
Modified
2024-11-21 06:06
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-26420, CVE-2021-31963", }, ], id: "CVE-2021-31966", lastModified: "2024-11-21T06:06:37.667", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-06-08T23:15:09.083", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31966", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-05-13 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/74481 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1032295 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74481 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032295 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2010 | |
| microsoft | excel | 2010 | |
| microsoft | excel | 2013 | |
| microsoft | excel_web_app | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2010 | |
| microsoft | office | 2011 | |
| microsoft | office | 2013 | |
| microsoft | office | 2013 | |
| microsoft | office_web_apps_server | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | powerpoint | 2010 | |
| microsoft | powerpoint | 2011 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint | 2013 | |
| microsoft | powerpoint_viewer | - | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | word | 2010 | |
| microsoft | word | 2011 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "5E01525C-A3AB-4AB7-82F9-B91E4D552FD7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:x86:*", matchCriteriaId: "E28626D8-AF3A-487F-BAAB-3955E44D2A35", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "3A062169-527E-43DA-8AE0-FD4FBA1B2A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel_web_app:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "C35FE520-68CD-4EE8-A5D6-3D2E351AE0F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x64:*", matchCriteriaId: "BB0CF266-A7EE-474A-B3D3-4A7FE33F4C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:x86:*", matchCriteriaId: "DC25ACD6-8F48-4534-AF7B-53F0D10C0843", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2011:*:*:*:mac:*:*:*", matchCriteriaId: "C3BC7969-CF2C-48B6-A52C-3605973D90EC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "84149DF3-54BA-4738-9386-6C29B4E9448F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9CCB2D72-B779-4772-8F72-7177E3F47A92", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2011:*:*:*:mac:*:*:*", matchCriteriaId: "46B6D0FC-3072-4913-A280-AB612AB12ABA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "BA6E71BA-0EBA-40EE-8B81-92C6DECE8DB3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "36A1FA52-BFBD-4C88-9CBE-B68E55C75726", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:powerpoint_viewer:-:*:*:*:*:*:*:*", matchCriteriaId: "79A70941-A446-4616-A751-09CB2501E4E1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2011:*:*:*:mac:*:*:*", matchCriteriaId: "69947F0D-68B6-42E0-8E94-E5717264EBE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, and SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office for Mac 2011, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, PowerPoint Viewer, Word Automation Services on SharePoint Server 2010 SP2 y 2013 SP1, Excel Services on SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, SharePoint Foundation 2010 SP2, y SharePoint Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, también conocido como 'vulnerabilidad de la corrupción de memoria de Microsoft Office.'", }, ], id: "CVE-2015-1682", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-05-13T10:59:13.943", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/74481", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1032295", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/74481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1032295", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-046", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-10 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-192A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-192A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | office_sharepoint_server | 2007 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | sharepoint_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:*:*:*:*:*", matchCriteriaId: "91A3E58F-E2FE-4346-9083-58C963171A73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:*:*:*:*:*", matchCriteriaId: "6BE07062-6299-4371-BD74-BA7F7840DBA8", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x32:*:*:*:*:*", matchCriteriaId: "75275F99-A072-4485-85E6-B4F61A6E4D5A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x64:*:*:*:*:*", matchCriteriaId: "C3E21DE5-D215-45E1-A89E-E5D23EB4667A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "9C24FB09-DBAD-4F62-BBD6-B81B9EC83D56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*", matchCriteriaId: "CF40F903-0026-4673-89A3-6F889D877E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*", matchCriteriaId: "376C9A84-74B1-4717-B88E-153ADD7D686D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Reflected List Parameter Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2007 SP2 y SP3 Windows SharePoint Services v3.0 SP2, y SharePoint Foundation 2010 Gold y SP1 , permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del mediante elementos JavaScript en una URL, también conocido como \"SharePoint Reflected List Parameter Vulnerability.\"", }, ], id: "CVE-2012-1863", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-07-10T21:55:06.027", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-11 19:15
Modified
2025-01-02 22:15
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2022-38053, CVE-2022-41036, CVE-2022-41037", }, ], id: "CVE-2022-41038", lastModified: "2025-01-02T22:15:19.540", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-10-11T19:15:20.907", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41038", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | sharepoint_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", matchCriteriaId: "858F70F4-3128-477D-ACAA-73F0AFA23A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*", matchCriteriaId: "CF40F903-0026-4673-89A3-6F889D877E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*", matchCriteriaId: "376C9A84-74B1-4717-B88E-153ADD7D686D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 y 3.0 SP2, y SharePoint Server 2010 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la URI. Problema también conocido como \"Vulnerabilidad XSS de SharePoint.\"", }, ], id: "CVE-2011-1893", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-09-15T12:26:48.697", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-05 23:29
Modified
2025-04-04 15:33
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106914 | Third Party Advisory, VDB Entry, Broken Link | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106914 | Third Party Advisory, VDB Entry, Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Microsoft SharePoint Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en Microsoft SharePoint cuando el software no comprueba el marcado de origen de un paquete de una aplicación. Esto también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2019-0594.", }, ], id: "CVE-2019-0604", lastModified: "2025-04-04T15:33:58.093", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-03-05T23:29:00.757", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", "Broken Link", ], url: "http://www.securityfocus.com/bid/106914", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", "Broken Link", ], url: "http://www.securityfocus.com/bid/106914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software falla al comprobar el marcado de origen de un paquete de aplicaciones, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1024, CVE-2020-1102.", }, ], id: "CVE-2020-1023", lastModified: "2024-11-21T05:09:34.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-21T23:15:11.617", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-09 22:15
Modified
2024-11-21 07:22
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server", }, ], id: "CVE-2022-41062", lastModified: "2024-11-21T07:22:32.880", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-11-09T22:15:20.713", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41062", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en la manera en que el software Microsoft SharePoint analiza los mensajes de correo electrónico especialmente diseñados, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\"", }, ], id: "CVE-2020-1444", lastModified: "2024-11-21T05:10:33.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:19.603", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 19:15
Modified
2025-02-28 21:15
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint. Este ID de CVE es diferente de CVE-2021-26418, CVE-2021-28478", }, ], id: "CVE-2021-31172", lastModified: "2025-02-28T21:15:17.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-05-11T19:15:09.527", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-290", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2014-05-14 11:13
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1030227 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030227 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps_server | 2013 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | project_server | 2010 | |
| microsoft | project_server | 2010 | |
| microsoft | project_server | 2013 | |
| microsoft | project_server | 2013 | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_designer | 2010 | |
| microsoft | sharepoint_designer | 2010 | |
| microsoft | sharepoint_designer | 2013 | |
| microsoft | sharepoint_designer | 2013 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server_client_components_sdk | 2013 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | web_applications | 2010 | |
| microsoft | web_applications | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "69B10C34-0A0D-4CDD-A2F1-A751B90F4C99", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:project_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "1F101149-8513-484F-AD9D-2E540E32AE7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0B02D845-F95D-44D7-AB4C-2E464C3AB783", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:project_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "C7CA9542-45CE-49B2-ADA4-CA75C509920D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "597153BC-B8A7-45E5-AE3F-D897FAE4C7FB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "C3E93E7B-E61E-4755-8AE8-C333E6144655", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "69235F99-C896-4FDF-AA59-FA7FCDF02A6F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "511A4ED3-E85C-4C95-B128-841220D1F79D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2013:*:*:*:*:*:*:*", matchCriteriaId: "BD6A2871-3D1F-49E0-97F4-5C1059EB71BE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "304608B5-63CB-4F95-9C5B-2D5EFA83BC36", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:*:*:*:*:*:*:*", matchCriteriaId: "1406756C-F15D-4AF8-A8BD-3ED7DF1E427D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "993E5C5C-4C78-4CDA-BF67-5A35814EF621", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server_client_components_sdk:2013:*:*:*:*:*:*:*", matchCriteriaId: "AAF4913D-2820-4AE2-8C83-EB11E29E25FE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp3:*:*:*:*:*:*", matchCriteriaId: "70F505C4-2D2D-4336-95C0-78644F2C5636", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:web_applications:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0A218411-8A85-4988-A00D-0F1D336CCA2A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:web_applications:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "AC93E283-E88A-41F1-90B6-CD256FF02F11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka \"SharePoint Page Content Vulnerability.\"", }, { lang: "es", value: "Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 y SP2 y 2013 Gold y SP1; SharePoint Foundation 2010 SP1 y SP2 y 2013 Gold y SP1; Project Server 2010 SP1 y SP2 y 2013 Gold y SP1; Web Applications 2010 SP1 y SP2; Office Web Apps Server 2013 Gold y SP1; SharePoint Server 2013 Client Components SDK y SharePoint Designer 2007 SP3, 2010 SP1 y SP2 y 2013 Gold y SP1 permiten a usuarios remotos autenticados ejecutar código arbitrario a través de contenido manipulado de una página, también conocido como 'vulnerabilidad de contenido de página de SharePoint.'", }, ], id: "CVE-2014-0251", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-05-14T11:13:04.177", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1030227", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1030227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-022", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2025-02-28 21:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106 | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.", }, { lang: "es", value: "Existe una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Vulnerabilidad de Microsoft Office SharePoint XSS\". Este ID de CVE es diferente de CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.", }, ], id: "CVE-2020-1106", lastModified: "2025-02-28T21:15:16.637", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-05-21T23:15:14.727", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106", }, { source: "secure@microsoft.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-13 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2022-38008, CVE-2022-38009", }, ], id: "CVE-2022-37961", lastModified: "2024-11-21T07:15:26.963", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-09-13T19:15:12.103", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37961", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:09
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta un fallo al comprobar el código fuente de un paquete de aplicación, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595", }, ], id: "CVE-2020-1200", lastModified: "2024-11-21T05:09:57.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.573", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-494", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-10-09 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/55797 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1027625 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1027626 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1027627 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1027628 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id?1027629 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-283A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/55797 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027625 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027626 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027627 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027628 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1027629 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-283A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | groove_server | 2010 | |
| microsoft | infopath | 2007 | |
| microsoft | infopath | 2010 | |
| microsoft | lync | 2010 | |
| microsoft | lync | 2010 | |
| microsoft | office_communicator | 2007 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "8B95E5BF-DD0E-4FD4-8462-3E3727B81B56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:infopath:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "5B2097D4-4F29-4B20-982C-248095F881BE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:infopath:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0404648E-DD98-493E-B392-43B47EACFEA2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:lync:2010:*:*:*:*:*:*:*", matchCriteriaId: "0F83FB32-9775-418B-99A7-EC1FEA345F26", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:lync:2010:*:attendee:*:*:*:*:*", matchCriteriaId: "EE98CEE9-200B-494A-B645-D14ACB577250", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_communicator:2007:r2:*:*:*:*:*:*", matchCriteriaId: "7234718B-FD5B-4C9E-8D32-E0A9DDDA7619", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "9C24FB09-DBAD-4F62-BBD6-B81B9EC83D56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "F1DEF955-9253-40A1-A6AD-F0E70A629D23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Microsoft InfoPath 2007 SP2 y SP3 y 2010 SP1, Communicator 2007 R2, Lync 2010 y 2010 Attendee, SharePoint Server 2007 SP2 y SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, y Office Web Apps 2010 SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una cadena modificada, también conocido como \"HTML Sanitization Vulnerability.\"", }, ], id: "CVE-2012-2520", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-10-09T21:55:02.643", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/55797", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027625", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027626", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027627", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027628", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027629", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/55797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027627", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027628", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1027629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-283A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta un fallo al comprobar el código fuente de un paquete de aplicación, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595", }, ], id: "CVE-2020-1452", lastModified: "2024-11-21T05:10:34.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:20.747", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-494", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1573.", }, ], id: "CVE-2020-1580", lastModified: "2024-11-21T05:10:53.377", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-17T19:15:21.380", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1580", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-14 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/92786 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1036785 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| secure@microsoft.com | https://www.exploit-db.com/exploits/40406/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92786 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036785 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/40406/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps_server | 2013 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | word_for_mac | 2011 | |
| microsoft | word_for_mac | 2016 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "941B16A2-931D-4031-A016-5EA60E87BE20", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2011:*:*:*:*:*:*:*", matchCriteriaId: "B429C3AB-B405-4156-B63E-BA2BC6A84894", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_for_mac:2016:*:*:*:*:*:*:*", matchCriteriaId: "A06E1824-01B6-4BAE-9789-B0D3776915B9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services on SharePoint Server 2013 SP1, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word para Mac 2011, Word 2016 para Mac, Word Viewer, Word Automation Services en SharePoint Server 2010 SP2, SharePoint Server 2013 SP1, Excel Automation Services en SharePoint Server 2013 SP1, Word Automation Services en SharePoint Server 2013 SP1, Office Web Apps 2010 SP2 y Office Web Apps Server 2013 SP1 permiten a atacantes remotos ejecutar código arbitrario a través de un documento manipulado, vulnerabilidad también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-3357", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-14T10:59:30.950", references: [ { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/92786", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1036785", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, { source: "secure@microsoft.com", url: "https://www.exploit-db.com/exploits/40406/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/92786", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1036785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.exploit-db.com/exploits/40406/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-11 21:15
Modified
2025-01-01 02:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/173126/Microsoft-SharePoint-Enterprise-Server-2016-Spoofing.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], id: "CVE-2023-28288", lastModified: "2025-01-01T02:15:28.247", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "secure@microsoft.com", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2023-04-11T21:15:27.017", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/173126/Microsoft-SharePoint-Enterprise-Server-2016-Spoofing.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28288", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-17 19:15
Modified
2024-11-21 05:10
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.\nThe attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.\nThe security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad cuando el Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2020-1500, CVE-2020-1501.", }, ], id: "CVE-2020-1499", lastModified: "2024-11-21T05:10:41.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-17T19:15:16.600", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1499", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 20:15
Modified
2024-11-21 07:43
Severity ?
Summary
Microsoft SharePoint Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Elevation of Privilege Vulnerability", }, ], id: "CVE-2023-21717", lastModified: "2024-11-21T07:43:29.993", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-02-14T20:15:14.433", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:10
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148.", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2020-1148", }, ], id: "CVE-2020-1289", lastModified: "2024-11-21T05:10:10.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-09T20:15:18.990", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1289", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1198, CVE-2020-1227, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575", }, ], id: "CVE-2020-1345", lastModified: "2024-11-21T05:10:17.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:20.573", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1345", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"XSS in SharePoint Calendar Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Office SharePoint Server 2010 Gold y SP1, y SharePoint Server 2010, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la URI. Se trata de un problema tambien conocido como \"Vulnerabilidad XSS en el calendario de Sharepoint\".", }, ], id: "CVE-2011-0653", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2011-09-15T12:26:48.367", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12835", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320", }, ], id: "CVE-2020-1177", lastModified: "2025-02-28T20:15:36.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-06-09T20:15:12.710", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1177", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2012-02-14 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-045A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-045A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in inplview.aspx Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en inplview.aspx en Microsoft SharePoint Foundation 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de secuencias de comandos web o HTML en una URL, también conocido como \"XSS in inplview.aspx Vulnerability.\"", }, ], id: "CVE-2012-0017", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-02-14T22:55:01.363", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-10 14:15
Modified
2024-11-21 04:36
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2019-1330.", }, ], id: "CVE-2019-1329", lastModified: "2024-11-21T04:36:29.460", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-10T14:15:16.563", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1329", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2024-11-21 04:17
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0950, CVE-2019-0951.", }, { lang: "es", value: "Existe una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no hace un saneamiento de manera correcta de una solicitud web especialmente creada para un servidor de SharePoint afectado, también se conoce como 'Microsoft SharePoint Spoofing Vulnerability'. Este ID de CVE es diferente de CVE-2019-0950, CVE-2019-0951.", }, ], id: "CVE-2019-0949", lastModified: "2024-11-21T04:17:33.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T19:29:04.147", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0949", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-05-13 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032296 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032296 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka \"Microsoft SharePoint Page Content Vulnerabilities.\"", }, { lang: "es", value: "Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, y SharePoint Foundation 2013 SP1 permiten a usuarios remotos autenticados ejecutar código arbitrario a través del contenido de páginas manipulado, también conocido como 'vulnerabilidad del contenido de páginas de Microsoft SharePoint.'", }, ], id: "CVE-2015-1700", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-05-13T10:59:28.070", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1032296", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1032296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-047", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-02-14 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-045A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-045A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in themeweb.aspx Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold y SP1 y SharePoint Foundation 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de secuencias JavaScript en una URL, también conocido como \"XSS in themeweb.aspx Vulnerability.\"", }, ], id: "CVE-2012-0144", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-02-14T22:55:01.817", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14386", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, { lang: "es", value: "Hay una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software falla al comprobar la marcación del origen de un paquete de aplicaciones, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.", }, ], id: "CVE-2020-0929", lastModified: "2024-11-21T04:54:29.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:16.073", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.", }, { lang: "es", value: "Existe una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.", }, ], id: "CVE-2020-1101", lastModified: "2025-02-28T20:15:36.240", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-05-21T23:15:14.337", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-11 19:15
Modified
2025-01-02 22:15
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2022-38053, CVE-2022-41036, CVE-2022-41038", }, ], id: "CVE-2022-41037", lastModified: "2025-01-02T22:15:19.430", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-10-11T19:15:20.833", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41037", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-13 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka \"Callback Function Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Server 2010 SP1 y SharePoint Foundation 2010 SP1, permite a atacantes remotos evitar las restricciones de acceso establecidas para los contenidos y secuestrar las cuentas de usuario a través de una URL manipulada. Aka \"Callback Function Vulnerability.\"", }, ], id: "CVE-2013-0080", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-13T00:55:01.183", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16596", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-09 17:15
Modified
2024-11-21 06:45
Severity ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Suplantación de Identidad en Microsoft SharePoint Server", }, ], id: "CVE-2022-21987", lastModified: "2024-11-21T06:45:50.237", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, ], }, published: "2022-02-09T17:15:08.960", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21987", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-10 22:15
Modified
2024-11-21 07:43
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server", }, ], id: "CVE-2023-21742", lastModified: "2024-11-21T07:43:33.203", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-01-10T22:15:17.860", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21742", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21742", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2024-11-21 06:17
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint Server . Este CVE ID es diferente de CVE-2021-38652", }, ], id: "CVE-2021-38651", lastModified: "2024-11-21T06:17:49.287", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-09-15T12:15:15.310", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38651", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38651", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-13 19:15
Modified
2024-11-21 07:28
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server", }, ], id: "CVE-2022-44690", lastModified: "2024-11-21T07:28:19.557", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-12-13T19:15:13.887", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44690", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2025-02-28 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, { lang: "es", value: "Hay una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], id: "CVE-2020-0923", lastModified: "2025-02-28T21:15:15.493", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-04-15T15:15:15.823", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-11 19:15
Modified
2025-01-02 22:15
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2022-38053, CVE-2022-41037, CVE-2022-41038", }, ], id: "CVE-2022-41036", lastModified: "2025-01-02T22:15:19.330", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-10-11T19:15:20.773", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41036", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-06-14 12:29
Modified
2024-11-21 04:13
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104325 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041106 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104325 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041106 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | project_server | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0B02D845-F95D-44D7-AB4C-2E464C3AB783", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" Esto afecta a Microsoft Project Server y Microsoft SharePoint. El ID de este CVE es diferente de CVE-2018-8252.", }, ], id: "CVE-2018-8254", lastModified: "2024-11-21T04:13:30.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-06-14T12:29:02.710", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104325", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041106", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104325", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8254", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-08-12 21:55
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://secunia.com/advisories/60675 | ||
| secure@microsoft.com | http://www.securityfocus.com/bid/69099 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1030720 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/60675 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/69099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030720 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-050 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:-:-:*:gold:*:*:*", matchCriteriaId: "A9626946-8339-4E06-BBF6-904D0ACC5ACF", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:-:-:*:gold:*:*:*", matchCriteriaId: "90DBE271-001E-4783-86F5-E14977F95F13", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka \"SharePoint Page Content Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Server 2013 Gold y SP1 y SharePoint Foundation 2013 Gold y SP1 permiten a usuarios remotos autenticados ganar privilegios a través de una aplicación caballo de troya que ejecute una acción custom en el contexto del modelo de extensibilidad SharePoint, también conocido como 'vulnerabilidad de contenido de páginas SharePoint.'", }, ], id: "CVE-2014-2816", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-08-12T21:55:06.960", references: [ { source: "secure@microsoft.com", url: "http://secunia.com/advisories/60675", }, { source: "secure@microsoft.com", url: "http://www.securityfocus.com/bid/69099", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1030720", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/60675", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/69099", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1030720", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-050", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2010 | |
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_online_server | 1.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2010 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*", matchCriteriaId: "A1A868C4-0A58-4660-9492-1BADD99D8E59", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", matchCriteriaId: "CA035812-F35A-43F1-9A8D-EE02201AA10A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "24EEDAD9-9656-4B21-82E4-D60B83777492", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en el software Microsoft Word, cuando falla al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.", }, ], id: "CVE-2020-0892", lastModified: "2024-11-21T04:54:24.813", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T16:15:20.720", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0892", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint donde las API no están protegidas apropiadamente contra la entrada de datos no seguros, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2019-1257, CVE-2019-1296.", }, ], id: "CVE-2019-1295", lastModified: "2024-11-21T04:36:25.233", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:18.633", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-10 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034975 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034975 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en SharePoint Server en Microsoft SharePoint Foundation 2013 SP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una petición manipulada, también conocida como \"Microsoft SharePoint XSS Vulnerability\".", }, ], id: "CVE-2016-0039", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-10T11:59:05.360", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1034975", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034975", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-015", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-10-14 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1033804 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033803 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033804 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel_web_app | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel_web_app:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "C35FE520-68CD-4EE8-A5D6-3D2E351AE0F2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka \"Microsoft Office Web Apps XSS Spoofing Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft Excel Services en SharePoint Server 2010 SP2 y 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1 y SharePoint Foundation 2013 SP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, también conocida como 'Microsoft Office Web Apps XSS Spoofing Vulnerability'.", }, ], id: "CVE-2015-6037", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-10-14T01:59:14.170", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033803", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033804", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1033804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-110", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2024-11-21 04:17
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios cuando Microsoft SharePoint Server no sanea apropiadamente una solicitud web especialmente creada para un servidor de SharePoint afectado, también se conoce como \"vulnerabilidad de privilegio de Microsoft SharePoint\". Este ID de CVE es diferente de CVE-2019-0957.", }, ], id: "CVE-2019-0958", lastModified: "2024-11-21T04:17:34.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T19:29:04.583", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0958", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-05 23:29
Modified
2024-11-21 04:17
Severity ?
Summary
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106900 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106900 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de suplantación en Microsoft SharePoint cuando la aplicación no analiza de manera correcta el contenido HTTP. Esto también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\".", }, ], id: "CVE-2019-0670", lastModified: "2024-11-21T04:17:05.030", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-05T23:29:02.410", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106900", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106900", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0670", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-10 14:15
Modified
2024-11-21 04:36
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\".", }, ], id: "CVE-2019-1328", lastModified: "2024-11-21T04:36:29.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-10T14:15:16.503", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1328", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2025-02-28 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, { lang: "es", value: "Hay una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], id: "CVE-2020-0924", lastModified: "2025-02-28T21:15:15.653", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-04-15T15:15:15.870", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2024-11-21 04:17
Severity ?
Summary
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de divulgación de información cuando Microsoft SharePoint Server no sanea apropiadamente una solicitud web especialmente creada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Server Information Disclosure Vulnerability\".", }, ], id: "CVE-2019-0956", lastModified: "2024-11-21T04:17:34.397", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T19:29:04.443", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0956", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, { lang: "es", value: "Vulnerabilidad de divulgación de información en Microsoft SharePoint", }, ], id: "CVE-2020-17120", lastModified: "2024-11-21T05:07:51.313", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:14.673", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17120", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-14 18:15
Modified
2024-11-21 06:10
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-828/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-828/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-34467, CVE-2021-34468", }, ], id: "CVE-2021-34520", lastModified: "2024-11-21T06:10:35.623", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-07-14T18:15:12.257", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-828/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-828/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-07-14 18:15
Modified
2024-11-21 06:10
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-829/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-829/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-34467, CVE-2021-34520", }, ], id: "CVE-2021-34468", lastModified: "2024-11-21T06:10:28.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-07-14T18:15:11.060", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-829/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-829/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2016 | |
| microsoft | office | 2019 | |
| microsoft | office | 2019 | |
| microsoft | office_365_proplus | - | |
| microsoft | office_online_server | 1.0 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2016:*:mac_os:*:*:*:*:*", matchCriteriaId: "C7FF377D-589F-447B-8495-64690832C582", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", matchCriteriaId: "FF177984-A906-43FA-BF60-298133FBBD6B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2019:*:mac_os:*:*:*:*:*", matchCriteriaId: "E9BB0C30-22E5-424B-BFE1-5C0361A21452", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_365_proplus:-:*:*:*:*:*:*:*", matchCriteriaId: "CA035812-F35A-43F1-9A8D-EE02201AA10A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:1.0:*:*:*:*:*:*:*", matchCriteriaId: "ECB0E226-2343-4C3A-87E4-B3E70138AFE2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en el software Microsoft Word cuando tiene un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft Word Remote Code Execution Vulnerability\"'. Este ID de CVE es diferente de CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.", }, ], id: "CVE-2020-0850", lastModified: "2024-11-21T04:54:20.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-12T16:15:18.597", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0850", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint. Este ID de CVE es diferente de CVE-2021-1641", }, ], id: "CVE-2021-1717", lastModified: "2024-11-21T05:44:57.937", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 2.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:34.807", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1717", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-25 23:15
Modified
2024-11-21 05:52
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint", }, ], id: "CVE-2021-24066", lastModified: "2024-11-21T05:52:16.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-02-25T23:15:14.117", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-08 23:15
Modified
2024-11-21 06:06
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-31950, CVE-2021-31964", }, ], id: "CVE-2021-31948", lastModified: "2024-11-21T06:06:34.537", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-06-08T23:15:08.650", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31948", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-13 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2022-37961, CVE-2022-38008", }, ], id: "CVE-2022-38009", lastModified: "2024-11-21T07:15:33.950", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-09-13T19:15:12.650", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38009", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-13 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka \"SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad XSS en Microsoft SharePoint Server 2010 SP1, permite a atacantes remotos inyectar código web o HTML de su elección a través de un contenido manipulado, conduciendo a la ejecución de comandos de administrador. Aka \"SharePoint XSS Vulnerability.\"", }, ], id: "CVE-2013-0083", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-03-13T00:55:01.200", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1198, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575", }, ], id: "CVE-2020-1227", lastModified: "2024-11-21T05:10:01.427", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.823", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1227", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-14 01:29
Modified
2025-02-28 21:15
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/105829 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1042136 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105829 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042136 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" Esto afecta a Microsoft SharePoint Server y Microsoft SharePoint. El ID de este CVE es diferente de CVE-2018-8572.", }, ], id: "CVE-2018-8568", lastModified: "2025-02-28T21:15:11.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2018-11-14T01:29:01.613", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105829", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042136", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105829", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1042136", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2025-02-28 21:15
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, { lang: "es", value: "Existe una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una solicitud web especialmente creada para un servidor de SharePoint afectado, también se conoce como \"vulnerabilidad de Microsoft Office SharePoint XSS\".", }, ], id: "CVE-2019-0963", lastModified: "2025-02-28T21:15:13.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-05-16T19:29:04.723", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0963", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-10 14:15
Modified
2024-11-21 04:36
Severity ?
Summary
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_enterprise_server | 2019 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6614C17A-9FCF-4BEB-8B43-53D47FB86728", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.", }, { lang: "es", value: "Se presenta una vulnerabilidad de elevación de privilegios en Microsoft SharePoint, también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2019-1329.", }, ], id: "CVE-2019-1330", lastModified: "2024-11-21T04:36:29.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-10T14:15:16.627", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1330", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2025-02-28 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, { lang: "es", value: "Hay una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.", }, ], id: "CVE-2020-0925", lastModified: "2025-02-28T21:15:15.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-04-15T15:15:15.933", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-15 15:15
Modified
2024-11-21 06:27
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-22-074/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-074/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-42294", }, ], id: "CVE-2021-42309", lastModified: "2024-11-21T06:27:34.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-15T15:15:08.977", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-074/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-22-074/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2024-11-21 04:17
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951.", }, { lang: "es", value: "Existe una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no hace un saneamiento correcto de una solicitud web especialmente creada para un servidor de SharePoint afectado, también se conoce como 'Microsoft SharePoint Spoofing Vulnerability'. Este ID de CVE es diferente de CVE-2019-0949, CVE-2019-0951.", }, ], id: "CVE-2019-0950", lastModified: "2024-11-21T04:17:33.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-16T19:29:04.207", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0950", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft SharePoint. Este ID de CVE es diferente de CVE-2020-17121", }, ], id: "CVE-2020-17118", lastModified: "2024-11-21T05:07:51.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:14.557", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta falla al comprobar el marcado de origen de un paquete de aplicaciones, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1023, CVE-2020-1102.", }, ], id: "CVE-2020-1024", lastModified: "2024-11-21T05:09:34.977", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-21T23:15:11.663", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-08 23:15
Modified
2024-11-21 06:06
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-26420, CVE-2021-31966", }, ], id: "CVE-2021-31963", lastModified: "2024-11-21T06:06:36.720", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-06-08T23:15:09.003", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31963", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-08 23:15
Modified
2024-11-21 06:06
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad en Microsoft SharePoint Server. Este CVE ID es diferente de CVE-2021-31948, CVE-2021-31950", }, ], id: "CVE-2021-31964", lastModified: "2024-11-21T06:06:37.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-06-08T23:15:09.030", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31964", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 21:29
Modified
2025-02-28 21:15
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente creada para un servidor de SharePoint afectado, también se conoce como “Microsoft Office SharePoint XSS Vulnerability”. Este ID de CVE es diferente de CVE-2019-0831.", }, ], id: "CVE-2019-0830", lastModified: "2025-02-28T21:15:13.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-04-09T21:29:01.660", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0830", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-11 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104610 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041261 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104610 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041261 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios de elevación de privilegios cuando Microsoft SharePoint Server no sanea correctamente una petición web especialmente manipulada enviada a un servidor SharePoint afectado. Esto también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" Esto afecta a Microsoft SharePoint. El ID de este CVE es diferente de CVE-2018-8323.", }, ], id: "CVE-2018-8299", lastModified: "2024-11-21T04:13:34.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-11T00:29:01.710", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104610", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041261", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041261", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-04-14 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1032111 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032111 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft SharePoint Foundation 2013 SP1 y SharePoint Server 2013 SP1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una solicitud manipulada, también conocido como 'vulnerabilidad de XSS en Microsoft SharePoint.'", }, ], id: "CVE-2015-1653", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-04-14T20:59:15.063", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1032111", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1032111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-09-15 12:26
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://securityreason.com/securityalert/8386 | ||
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8386 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA11-256A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | forms_server | 2007 | |
| microsoft | forms_server | 2007 | |
| microsoft | groove | 2007 | |
| microsoft | groove_data_bridge_server | 2007 | |
| microsoft | groove_management_server | 2007 | |
| microsoft | groove_server | 2010 | |
| microsoft | groove_server | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | sharepoint_workspace | 2010 | |
| microsoft | sharepoint_workspace | 2010 | |
| microsoft | sharepoint_workspace | 2010 | |
| microsoft | sharepoint_workspace | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:forms_server:2007:sp2:x32:*:*:*:*:*", matchCriteriaId: "0C8A6067-88D9-4662-8F79-B7737B6AD910", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:forms_server:2007:sp2:x64:*:*:*:*:*", matchCriteriaId: "99B29AFF-EBDC-4C1B-BDBD-F9A4CA724F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "5075B5F5-5018-4DEF-B77D-E75C09CB3DF3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove_data_bridge_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "BE6FAE49-E7E6-4996-9369-4F56E11DAD96", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove_management_server:2007:sp2:*:*:*:*:*:*", matchCriteriaId: "489C0AC9-A6BE-4473-A3FD-35119E8C1FAA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "47B43F05-40AE-4D98-8B5D-A06BF10FE337", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:groove_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "8B95E5BF-DD0E-4FD4-8462-3E3727B81B56", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x32:*:*:*:*:*", matchCriteriaId: "586E6C37-346C-40BA-AC89-2CEB8C44E190", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:x64:*:*:*:*:*", matchCriteriaId: "48EB5C93-55BF-4608-A9DC-EDD8DE15EE44", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:*:*:*:*:*", matchCriteriaId: "CF40F903-0026-4673-89A3-6F889D877E2F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:*:*:*:*:*", matchCriteriaId: "376C9A84-74B1-4717-B88E-153ADD7D686D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_workspace:2010:*:x32:*:*:*:*:*", matchCriteriaId: "B111D9E7-03E7-4909-B620-6E656CC3DEB7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_workspace:2010:*:x64:*:*:*:*:*", matchCriteriaId: "B92DB5CC-A9C9-4D6E-859E-A18EB38323AB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_workspace:2010:sp1:x32:*:*:*:*:*", matchCriteriaId: "7AC3C326-F415-4D98-9EB4-13CE30D0C6BE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_workspace:2010:sp1:x64:*:*:*:*:*", matchCriteriaId: "FF58F296-B8C8-4C57-A4B5-357BC4CC4CF6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka \"SharePoint Remote File Disclosure Vulnerability.\"", }, { lang: "es", value: "Microsoft Office Groove 2007 Service Pack 2, SharePoint Workspace 2010 Gold y SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold y SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold y SP1, Windows SharePoint Services 3.0 SP2, Windows SharePoint 2010 y Office Web Aplicaciones 2010 Gold y SP1 no gestionan correctamente las partes web que contienen clases XML que referencian a entidades externas, lo que permite a usuarios remotos autenticados leer ficheros de su elección a través de un archivo XML o XSL debidamente modificados. Es un problema también conocido como \"Vulnerabilidad de revelado de fichero remoto de Sharepoint.\"", }, ], id: "CVE-2011-1892", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-09-15T12:26:48.647", references: [ { source: "secure@microsoft.com", url: "http://securityreason.com/securityalert/8386", }, { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/8386", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA11-256A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12907", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-10 01:29
Modified
2024-11-21 03:38
Severity ?
Summary
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102391 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040150 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102391 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040150 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\". This CVE is unique from CVE-2018-0789.", }, { lang: "es", value: "Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 y Microsoft SharePoint Server 2016 permiten una vulnerabilidad de elevación de privilegios debido a la forma en la que se gestionan las peticiones web. Esto también se conoce como \"Microsoft SharePoint Elevation of Privilege Vulnerability\". Este CVE es diferente de CVE-2018-0789.", }, ], id: "CVE-2018-0790", lastModified: "2024-11-21T03:38:57.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-10T01:29:00.400", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102391", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040150", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/102391", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0790", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2025-02-28 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320", }, ], id: "CVE-2020-1318", lastModified: "2025-02-28T20:15:37.217", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-06-09T20:15:21.117", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1318", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:09
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta un fallo al comprobar el código fuente de un paquete de aplicación, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595", }, ], id: "CVE-2020-1210", lastModified: "2024-11-21T05:09:59.187", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.667", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-494", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta un fallo al comprobar el código fuente de un paquete de aplicación, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-16952", }, ], id: "CVE-2020-16951", lastModified: "2024-11-21T05:07:29.800", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:16.273", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-346", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-11 21:15
Modified
2024-11-21 06:45
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server", }, ], id: "CVE-2022-21837", lastModified: "2024-11-21T06:45:32.120", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-11T21:15:09.323", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21837", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-14 17:15
Modified
2024-11-21 07:46
Severity ?
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, ], id: "CVE-2023-23395", lastModified: "2024-11-21T07:46:06.100", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-03-14T17:15:13.083", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23395", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | word | 2003 | |
| microsoft | word | 2007 | |
| microsoft | word | 2010 | |
| microsoft | word_viewer | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "D133FB73-C7F6-481C-B050-C242C771ED21", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", matchCriteriaId: "858F70F4-3128-477D-ACAA-73F0AFA23A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "55C05DB1-03DC-454B-85E5-715938F0E13E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "80F8E09E-E7F7-4D86-B140-3933EDC54E1C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "7D006508-BFB0-4F21-A361-3DA644F51D8A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "D2A0758C-6499-407F-823A-6F28BE56805E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word_viewer:*:*:*:*:*:*:*:*", matchCriteriaId: "D79B6572-E7DF-4CC2-B70B-9B31BE1B6A81", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.", }, { lang: "es", value: "Microsoft Word Automation Services en SharePoint Server 2010 SP1, Word Web App 2010 SP1 en Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, y Word Viewer permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un documento de Office manipulado. Aka \"Word Memory Corruption Vulnerability\", una vulnerabilidad diferente de CVE-2013-3848, CVE-2013-3849, y CVE-2013-3858.", }, ], id: "CVE-2013-3847", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2013-09-11T14:03:48.210", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18988", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-08 23:15
Modified
2024-11-21 05:56
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-755/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-755/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-31963, CVE-2021-31966", }, ], id: "CVE-2021-26420", lastModified: "2024-11-21T05:56:20.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.5, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-06-08T23:15:08.337", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-755/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26420", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-755/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-12 14:29
Modified
2024-11-21 04:35
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1032, CVE-2019-1033, CVE-2019-1036.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | project_server | 2010 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0B02D845-F95D-44D7-AB4C-2E464C3AB783", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1032, CVE-2019-1033, CVE-2019-1036.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente creada para un servidor de SharePoint afectado, también se conoce como “Microsoft Office SharePoint XSS Vulnerability”. Este ID de CVE es diferente de CVE-2019-1032, CVE-2019-1033, CVE-2019-1036.", }, ], id: "CVE-2019-1031", lastModified: "2024-11-21T04:35:52.947", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-12T14:29:03.463", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1031", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2025-02-28 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0795.", }, { lang: "es", value: "Esta vulnerabilidad es causada cuando SharePoint Server no sanea apropiadamente una petición especialmente diseñada en un servidor SharePoint afectado. Un atacante autenticado podría explotar esta vulnerabilidad mediante el envío de una petición especialmente diseñada hacia un servidor SharePoint afectado, también se conoce como \"Microsoft SharePoint Reflective XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-0795.", }, ], id: "CVE-2020-0891", lastModified: "2025-02-28T21:15:14.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-12T16:15:20.643", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0891", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-10 22:15
Modified
2024-11-21 07:43
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server", }, ], id: "CVE-2023-21744", lastModified: "2024-11-21T07:43:33.447", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-01-10T22:15:17.987", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21744", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21744", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-05-10 21:15
Modified
2025-01-02 19:16
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:-:subscription:*:*:*", matchCriteriaId: "BAB596E0-7130-429E-A4A0-AD540C779A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server", }, ], id: "CVE-2022-29108", lastModified: "2025-01-02T19:16:08.100", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, ], }, published: "2022-05-10T21:15:11.450", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29108", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software no puede comprobar el marcado de fuente de un paquete de aplicación, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2019-1295, CVE-2019-1296.", }, ], id: "CVE-2019-1257", lastModified: "2024-11-21T04:36:21.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:16.523", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1257", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-11 00:29
Modified
2024-11-21 04:13
Severity ?
Summary
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/104667 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1041257 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104667 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041257 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net_framework | 2.0 | |
| microsoft | .net_framework | 3.0 | |
| microsoft | windows_server_2008 | - | |
| microsoft | .net_framework | 3.5 | |
| microsoft | windows_10 | - | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_10 | 1703 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_8.1 | * | |
| microsoft | windows_server_2012 | * | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | windows_server_2016 | * | |
| microsoft | .net_framework | 3.5.1 | |
| microsoft | windows_7 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | .net_framework | 4.5.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | * | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | * | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | * | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.6 | |
| microsoft | windows_server_2008 | * | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1607 | |
| microsoft | windows_server_2016 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | windows_10 | - | |
| microsoft | .net_framework | 4.6 | |
| microsoft | .net_framework | 4.6.1 | |
| microsoft | .net_framework | 4.6.2 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_7 | - | |
| microsoft | windows_8.1 | * | |
| microsoft | windows_rt_8.1 | - | |
| microsoft | windows_server_2008 | r2 | |
| microsoft | windows_server_2012 | * | |
| microsoft | windows_server_2012 | r2 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1709 | |
| microsoft | windows_server | 1709 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1803 | |
| microsoft | windows_server | 1803 | |
| microsoft | .net_framework | 4.7 | |
| microsoft | .net_framework | 4.7.1 | |
| microsoft | .net_framework | 4.7.2 | |
| microsoft | windows_10 | 1703 | |
| microsoft | project_server | 2010 | |
| microsoft | project_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", matchCriteriaId: "42A6DF09-B8E1-414D-97E7-453566055279", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", matchCriteriaId: "D400E856-2B2E-4CEA-8CA5-309FDF371CEA", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", matchCriteriaId: "5F422A8C-2C4E-42C8-B420-E0728037E15C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", matchCriteriaId: "E039CE1F-B988-4741-AE2E-5B36E2AF9688", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", matchCriteriaId: "80EB5690-B20F-457A-A202-FBADAA17E05C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", matchCriteriaId: "AF6437F9-6631-49D3-A6C2-62329E278E31", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "8EDC4407-7E92-4E60-82F0-0C87D1860D3A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", matchCriteriaId: "40B3A045-B08A-44E0-91BE-726753F6A362", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", matchCriteriaId: "0C28897B-044A-447B-AD76-6397F8190177", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", matchCriteriaId: "80EB5690-B20F-457A-A202-FBADAA17E05C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", matchCriteriaId: "0C28897B-044A-447B-AD76-6397F8190177", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", matchCriteriaId: "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", matchCriteriaId: "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", matchCriteriaId: "21540673-614A-4D40-8BD7-3F07723803B0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", matchCriteriaId: "280FE663-23BE-45D2-9B31-5F577E390B48", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0B660D-1F30-4D45-B98B-726EDB8CB90F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", matchCriteriaId: "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", matchCriteriaId: "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", matchCriteriaId: "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", matchCriteriaId: "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", matchCriteriaId: "80EB5690-B20F-457A-A202-FBADAA17E05C", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", matchCriteriaId: "DB18C4CE-5917-401E-ACF7-2747084FD36E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", matchCriteriaId: "83B14968-3985-43C3-ACE5-8307196EFAE3", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*", matchCriteriaId: "E2817831-8725-4149-B694-44870F2B6938", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", matchCriteriaId: "7CB85C75-4D35-480E-843D-60579EC75FCB", vulnerable: false, }, { criteria: "cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*", matchCriteriaId: "2E732950-9F4C-434F-92EF-C1421CA35ADF", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", matchCriteriaId: "734112B3-1383-4BE3-8721-C0F84566B764", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "36B0E40A-84EF-4099-A395-75D6B8CDA196", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", matchCriteriaId: "AEE2E768-0F45-46E1-B6D7-087917109D98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0B02D845-F95D-44D7-AB4C-2E464C3AB783", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "597153BC-B8A7-45E5-AE3F-D897FAE4C7FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \".NET Framework Remote Code Injection Vulnerability.\" This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código cuando Microsoft .NET Framework no valida las entradas correctamente. Esto también se conoce como \".NET Framework Remote Code Injection Vulnerability\". Esto afecta a Microsoft .NET Framework 2.0; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.5.2; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.7.1 y 4.7.2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1 y 4.6.2; Microsoft .NET Framework 4.6,4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1 y 4.7.2 y Microsoft .NET Framework 4.7.2.", }, ], id: "CVE-2018-8284", lastModified: "2024-11-21T04:13:32.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-11T00:29:01.210", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104667", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041257", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad en Microsoft SharePoint cuando maneja inapropiadamente peticiones para autorizar aplicaciones, resultando en un problema de tipo cross-site request forgery (CSRF). Para explotar esta vulnerabilidad, un atacante necesitaría crear una página específicamente diseñada para causar una petición de tipo cross-site, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2019-1261.", }, ], id: "CVE-2019-1259", lastModified: "2024-11-21T04:36:21.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:16.570", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1259", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-12 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1035524 | ||
| secure@microsoft.com | http://www.securitytracker.com/id/1035525 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | ||
| secure@microsoft.com | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035524 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1035525 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | excel | 2007 | |
| microsoft | excel | 2010 | |
| microsoft | office_compatibility_pack | * | |
| microsoft | sharepoint_designer | 2007 | |
| microsoft | sharepoint_foundation | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:excel:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "94F5E2F8-0D37-4FCC-B55A-9F09C421272C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "E36D981E-E56D-46C7-9486-FC691A75C497", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_compatibility_pack:*:sp3:*:*:*:*:*:*", matchCriteriaId: "44BC7B7B-7191-431C-8CAE-83B3F0EFF03E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_designer:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "C3E93E7B-E61E-4755-8AE8-C333E6144655", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Microsoft Office Memory Corruption Vulnerability.\"", }, { lang: "es", value: "Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services en SharePoint Server 2007 SP3 y Excel Services en SharePoint Server 2010 SP2 permiten a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocida como \"Microsoft Office Memory Corruption Vulnerability\".", }, ], id: "CVE-2016-0136", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-12T23:59:08.587", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1035524", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1035525", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042", }, { source: "secure@microsoft.com", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-042", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1224", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.", }, { lang: "es", value: "Hay una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software falla al comprobar la marcación del origen de un paquete de aplicaciones, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.", }, ], id: "CVE-2020-0932", lastModified: "2024-11-21T04:54:29.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:16.247", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-15 15:15
Modified
2024-11-21 06:28
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-42320", }, ], id: "CVE-2021-43242", lastModified: "2024-11-21T06:28:55.227", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-15T15:15:10.363", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-17 00:59
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/96748 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1038019 | ||
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96748 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038019 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka \"Microsoft SharePoint XSS Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Server falla al desinfectar solicitudes web manipuladas, permitiendo a atacantes remotos ejecutar XSS en un contexto local de seguridad, vulnerabilidad también conocida como \"Microsoft SharePoint XSS Vulnerability\".", }, ], id: "CVE-2017-0107", lastModified: "2024-11-21T03:02:21.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-17T00:59:02.900", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96748", }, { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1038019", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/96748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0107", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2025-02-28 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | business_productivity_servers | 2010 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:business_productivity_servers:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "0CC3B020-7F19-49D5-8034-567E379C6CA3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891.", }, { lang: "es", value: "Esta vulnerabilidad es causada cuando SharePoint Server no sanea apropiadamente una petición especialmente diseñada en un servidor SharePoint afectado. Un atacante autenticado podría explotar esta vulnerabilidad mediante el envío de una petición especialmente diseñada hacia un servidor SharePoint afectado, también se conoce como \"Microsoft SharePoint Reflective XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-0891.", }, ], id: "CVE-2020-0795", lastModified: "2025-02-28T21:15:14.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-12T16:15:15.547", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0795", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\"", }, ], id: "CVE-2020-1443", lastModified: "2024-11-21T05:10:33.647", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:19.543", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-10-16 23:15
Modified
2024-11-21 05:07
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>
<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p>\n<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de divulgación de información cuando Microsoft SharePoint Server presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\". Esta ID de CVE es diferente de CVE-2020-16941, CVE-2020-16942, CVE-2020-16950, CVE-2020-16953", }, ], id: "CVE-2020-16948", lastModified: "2024-11-21T05:07:29.403", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-10-16T23:15:16.133", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16948", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16948", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-14 20:15
Modified
2024-11-21 07:43
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Word Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2019 | |
| microsoft | office_long_term_servicing_channel | 2021 | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 | |
| microsoft | word | 2013 | |
| microsoft | word | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", matchCriteriaId: "40961B9E-80B6-42E0-A876-58B3CE056E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", matchCriteriaId: "BF0E8112-5B6F-4E55-8E40-38ADCF6FC654", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*", matchCriteriaId: "FA51E2C8-321F-454B-A9C1-060885C1F892", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "32E1400A-836A-4E48-B2CD-2B0A9A8241BA", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*", matchCriteriaId: "45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Word Remote Code Execution Vulnerability", }, ], id: "CVE-2023-21716", lastModified: "2024-11-21T07:43:29.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-02-14T20:15:14.360", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of Service Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:*:*:*:*:*:*:*", matchCriteriaId: "1406756C-F15D-4AF8-A8BD-3ED7DF1E427D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "D133FB73-C7F6-481C-B050-C242C771ED21", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:*:*:*:*:*:*:*", matchCriteriaId: "993E5C5C-4C78-4CDA-BF67-5A35814EF621", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", matchCriteriaId: "858F70F4-3128-477D-ACAA-73F0AFA23A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "55C05DB1-03DC-454B-85E5-715938F0E13E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka \"SharePoint Denial of Service Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Portal Server 2003 SP3 y SharePoint Server 2007 SP3, 2010 SP1 y SP2, y 2013 no procesan correctamente flujos de trabajo no asignados, lo cual permite a atacantes remotos causar denegación de servicio (W3WP cuelgue de proceso) a través de una URL manipulada, también conocido como \"Vulnerabilidad de Denegación de Servicio en SharePoint\".", }, ], id: "CVE-2013-0081", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-11T14:03:47.987", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19036", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-11 22:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1031192 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1031192 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka \"SharePoint Elevation of Privilege Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de XSS en Microsoft SharePoint Foundation 2010 SP2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una lista modificada, también conocido como 'vulnerabilidad de la elevación de privilegios de SharePoint.'", }, ], id: "CVE-2014-4116", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2014-11-11T22:55:04.717", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1031192", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1031192", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-073", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta un fallo al comprobar el código fuente de un paquete de aplicación, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595", }, ], id: "CVE-2020-1576", lastModified: "2024-11-21T05:10:52.793", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:21.527", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-494", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 19:15
Modified
2024-11-21 05:59
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-574/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-574/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server", }, ], id: "CVE-2021-28474", lastModified: "2024-11-21T05:59:44.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-05-11T19:15:09.093", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-574/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-574/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-436", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 19:15
Modified
2025-02-28 21:15
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint. Este ID de CVE es diferente de CVE-2021-26418, CVE-2021-31172", }, ], id: "CVE-2021-28478", lastModified: "2025-02-28T21:15:17.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-05-11T19:15:09.177", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-290", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-09 17:15
Modified
2024-11-21 06:45
Severity ?
Summary
Microsoft SharePoint Server Security Feature Bypass Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Security Feature Bypass Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Omisión de Funcionalidades de Seguridad de Microsoft SharePoint Server", }, ], id: "CVE-2022-21968", lastModified: "2024-11-21T06:45:48.010", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "secure@microsoft.com", type: "Secondary", }, ], }, published: "2022-02-09T17:15:08.587", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21968", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-13 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2015-6117.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securitytracker.com/id/1034653 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1034653 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka \"Microsoft SharePoint Security Feature Bypass,\" a different vulnerability than CVE-2015-6117.", }, { lang: "es", value: "Microsoft SharePoint Server 2013 SP1 y SharePoint Foundation 2013 SP1 permiten a usuarios remotos autenticados eludir las restricciones destinadas al Access Control Policy y llevar a cabo ataques de XSS mediante la modificación de un elemento web, también conocido como \"Microsoft SharePoint Security Feature Bypass\", una vulnerabilidad diferente a CVE-2015-6117.", }, ], id: "CVE-2016-0011", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-13T05:59:09.387", references: [ { source: "secure@microsoft.com", url: "http://www.securitytracker.com/id/1034653", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-004", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Tampering Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Tampering Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Manipulación de Microsoft SharePoint Server", }, ], id: "CVE-2021-1718", lastModified: "2024-11-21T05:44:58.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:34.870", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1718", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1718", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.", }, { lang: "es", value: "Hay una vulnerabilidad de \"spoofing\" cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.", }, ], id: "CVE-2020-0972", lastModified: "2024-11-21T04:54:34.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T15:15:18.340", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-05 23:29
Modified
2024-11-21 04:16
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/106866 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106866 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.", }, { lang: "es", value: "Existe una vulnerabilidad de ejecución remota de código en Microsoft SharePoint cuando el software no comprueba el marcado de origen de un paquete de una aplicación. Esto también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2019-0604.", }, ], id: "CVE-2019-0594", lastModified: "2024-11-21T04:16:55.480", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-05T23:29:00.443", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106866", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/106866", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-11 19:15
Modified
2024-11-21 06:05
Severity ?
4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft SharePoint Information Disclosure Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Information Disclosure Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Divulgación de Información de Microsoft SharePoint", }, ], id: "CVE-2021-31171", lastModified: "2024-11-21T06:05:13.787", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-05-11T19:15:09.497", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98107 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98107 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka \"Microsoft SharePoint XSS Vulnerability\".", }, { lang: "es", value: "Microsoft SharePoint Foundation 2013 SP1 presenta una vulnerabilidad de elevación de privilegios cuando no desinfecta adecuadamente una solicitud web especialmente modificada, también conocida como \"Microsoft SharePoint XSS Vulnerability\"", }, ], id: "CVE-2017-0255", lastModified: "2024-11-21T03:02:38.097", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-12T14:29:04.113", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98107", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0255", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-09 03:29
Modified
2024-11-21 04:17
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente creada para un servidor de SharePoint afectado, también se conoce como “Microsoft Office SharePoint XSS Vulnerability”.", }, ], id: "CVE-2019-0778", lastModified: "2024-11-21T04:17:16.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-09T03:29:00.547", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0778", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Vulnerabilidad de suplantación de identidad en Microsoft SharePoint", }, ], id: "CVE-2020-17115", lastModified: "2024-11-21T05:07:50.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:14.433", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17115", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17115", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-13 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-071A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka \"Buffer Overflow Vulnerability.\"", }, { lang: "es", value: "Desbordamiento de búder en Microsoft SharePoint Server 2010 SP1 y SharePoint Foundation 2010 SP1, permite a atacantes remotos provocar una denegación de servicio (caída del proceso W3WP y agotamiento del sitio) a través de una URL manipulada, aka \"Buffer Overflow Vulnerability.\"", }, ], id: "CVE-2013-0085", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-13T00:55:01.230", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-071A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16414", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-13 01:15
Modified
2024-11-21 06:26
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-21-1224/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-1224/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-40487", }, ], id: "CVE-2021-41344", lastModified: "2024-11-21T06:26:06.130", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-10-13T01:15:13.257", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1224/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-1224/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-15 22:15
Modified
2025-01-02 19:16
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", matchCriteriaId: "157CBD57-8A1B-4B57-8371-88EF4254A663", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2022-30157", }, ], id: "CVE-2022-30158", lastModified: "2025-01-02T19:16:19.533", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, ], }, published: "2022-06-15T22:15:14.420", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30158", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30158", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>\n<p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p>\n<p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint donde las API no están protegidas apropiadamente de una entrada de datos no seguros, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576", }, ], id: "CVE-2020-1595", lastModified: "2024-11-21T05:10:55.210", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:21.903", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-494", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Elevación de Privilegios de Microsoft SharePoint. Este ID de CVE es diferente de CVE-2021-1719", }, ], id: "CVE-2021-1712", lastModified: "2024-11-21T05:44:57.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-01-12T20:15:34.527", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1712", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-11 19:15
Modified
2025-01-02 22:15
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2022-41036, CVE-2022-41037, CVE-2022-41038", }, ], id: "CVE-2022-38053", lastModified: "2025-01-02T22:15:18.543", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-10-11T19:15:20.240", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38053", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38053", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:09
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>
<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>
<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p>\n<p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p>\n<p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-1227, CVE-2020-1345, CVE-2020-1482, CVE-2020-1514, CVE-2020-1575", }, ], id: "CVE-2020-1198", lastModified: "2024-11-21T05:09:57.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:19.510", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1198", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-13 19:15
Modified
2024-11-21 07:28
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Microsoft SharePoint Server", }, ], id: "CVE-2022-44693", lastModified: "2024-11-21T07:28:19.903", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-12-13T19:15:14.080", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44693", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-15 12:15
Modified
2024-11-21 06:17
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
Microsoft SharePoint Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Spoofing Vulnerability", }, { lang: "es", value: "Una Vulnerabilidad de Suplantación de Identidad de Microsoft SharePoint Server. Este CVE ID es diferente de CVE-2021-38651", }, ], id: "CVE-2021-38652", lastModified: "2024-11-21T06:17:49.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2021-09-15T12:15:15.370", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38652", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38652", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-12 16:15
Modified
2025-02-28 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.", }, { lang: "es", value: "Existe una vulnerabilidad de tipo cross-site-scripting (XSS) cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada en un servidor SharePoint afectado, también se conoce como \"Microsoft Office SharePoint XSS Vulnerability\". Este ID de CVE es diferente de CVE-2020-0893.", }, ], id: "CVE-2020-0894", lastModified: "2025-02-28T21:15:15.177", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-03-12T16:15:20.847", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0894", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-12 14:29
Modified
2024-11-21 03:02
Severity ?
Summary
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/98297 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98297 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office | 2007 | |
| microsoft | office | 2010 | |
| microsoft | office | 2013 | |
| microsoft | office | 2016 | |
| microsoft | office_online_server | 2016 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2013 | |
| microsoft | project_server | 2013 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | skype_for_business | 2016 | |
| microsoft | word | 2016 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "FEECD12A-5BEF-4675-B62E-86CF4A7474D7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "081DE1E3-4622-4C32-8B9C-9AEC1CD20638", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "120690A6-E0A1-4E36-A35A-C87109ECC064", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*", matchCriteriaId: "E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_online_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "C6C0BD17-4324-4DFF-9804-1825C4C182A1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "B3C3FC9A-D8E5-493A-A575-C831A9A28815", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "597153BC-B8A7-45E5-AE3F-D897FAE4C7FB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "16F33176-442C-4EFF-8EA0-C640D203B939", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "B850873B-E635-439C-9720-8BBE59120EE1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*", matchCriteriaId: "D499807D-91F3-447D-B9F0-D612898C9339", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*", matchCriteriaId: "4DA042D4-B14E-4DDF-8423-DFB255679EFE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.", }, { lang: "es", value: "Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2, Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016 y Skype for Business 2016, permiten una vulnerabilidad de ejecución de código remota cuando el software no puede manejar apropiadamente los objetos en la memoria, también se conoce como \"Office Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2017-0261 y CVE-2017-0262.", }, ], id: "CVE-2017-0281", lastModified: "2024-11-21T03:02:41.037", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-12T14:29:06.660", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98297", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0281", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-10 00:15
Modified
2024-11-21 05:07
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft SharePoint Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2016 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", matchCriteriaId: "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Elevation of Privilege Vulnerability", }, { lang: "es", value: "Vulnerabilidad de elevación de privilegios en Microsoft SharePoint", }, ], id: "CVE-2020-17089", lastModified: "2024-11-21T05:07:47.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-12-10T00:15:13.870", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17089", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:10
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.</p>
<p>To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles processing of created content.</p>
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.</p>\n<p>To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles processing of created content.</p>\n", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint Server cuando presenta un fallo al identificar y filtrar correctamente los controles web ASP.Net no seguros, también se conoce como \"Microsoft SharePoint Server Remote Code Execution Vulnerability\"", }, ], id: "CVE-2020-1460", lastModified: "2024-11-21T05:10:35.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Secondary", }, ], }, published: "2020-09-11T17:15:20.840", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-11 14:03
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/ncas/alerts/TA13-253A | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_portal_server | 2003 | |
| microsoft | sharepoint_server | 2007 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_services | 2.0 | |
| microsoft | sharepoint_services | 3.0 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_portal_server:2003:sp3:*:*:*:*:*:*", matchCriteriaId: "D133FB73-C7F6-481C-B050-C242C771ED21", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2007:sp3:*:*:*:*:*:*", matchCriteriaId: "6B7AEA5E-C3D7-4E6D-96F0-5F9A175631C9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*", matchCriteriaId: "858F70F4-3128-477D-ACAA-73F0AFA23A2B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "55C05DB1-03DC-454B-85E5-715938F0E13E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "A8235774-4B57-4793-BE26-2CDE67532EDD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka \"MAC Disabled Vulnerability.\"", }, { lang: "es", value: "Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 y 2010 SP1 y SP2, y Office Web Apps 2010 no establecen el atributo EnableViewStateMac apropiadamete, lo que permite a atacantes remotos ejecutar código a discrección aprovechando un flujo de trabajo no asignado, tambien conocida como \"Vulnerabilidad de MAC Deshabilitada\".", }, ], id: "CVE-2013-1330", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-11T14:03:48.040", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA13-253A", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19040", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-13 19:15
Modified
2024-11-21 07:15
Severity ?
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | - | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", matchCriteriaId: "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*", matchCriteriaId: "FA51E2C8-321F-454B-A9C1-060885C1F892", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SharePoint Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2022-37961, CVE-2022-38009", }, ], id: "CVE-2022-38008", lastModified: "2024-11-21T07:15:33.823", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2022-09-13T19:15:12.597", references: [ { source: "secure@microsoft.com", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38008", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
Summary
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint donde las API no están protegidas apropiadamente contra la entrada de datos no seguros, también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2019-1257, CVE-2019-1295.", }, ], id: "CVE-2019-1296", lastModified: "2024-11-21T04:36:25.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-11T22:15:18.697", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1296", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-02-14 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-045A.html | Third Party Advisory, US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-045A.html | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in wizardlist.aspx Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold y SP1 y SharePoint Foundation 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de secuencias JavaScript en una URL, también conocido como \"XSS in wizardlist.aspx Vulnerability.\"", }, ], id: "CVE-2012-0145", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-02-14T22:55:01.863", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-045A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-09-13 01:29
Modified
2024-11-21 03:34
Severity ?
Summary
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/100753 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100753 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_foundation | 2013 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Cross Site Scripting Vulnerability\".", }, { lang: "es", value: "Existe una vulnerabilidad de elevación de privilegios en Microsoft SharePoint Foundation 2013 Service Pack 1 cuando no sanitiza correctamente una petición web especialmente manipulada a un servidor SharePoint afectado. Esto también se conoce como \"Microsoft SharePoint Cross Site Scripting Vulnerability\".", }, ], id: "CVE-2017-8745", lastModified: "2024-11-21T03:34:36.617", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-13T01:29:11.723", references: [ { source: "secure@microsoft.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100753", }, { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/100753", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-10 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | http://www.us-cert.gov/cas/techalerts/TA12-192A.html | US Government Resource | |
| secure@microsoft.com | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | ||
| secure@microsoft.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA12-192A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | office_web_apps | 2010 | |
| microsoft | office_web_apps | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_foundation | 2010 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2010 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:*:*:*:*:*:*:*", matchCriteriaId: "FEAB1E34-AAEE-4C01-8FA8-6099A74F0731", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:office_web_apps:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "343EEB54-C1B1-4D7B-8780-5B5A5F2F840C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:*:*:*:*:*:*:*", matchCriteriaId: "35DF86AB-DCB4-496C-84EF-720E90BFA368", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "0C86EA4A-7108-4A3A-A447-19CB3CA76B08", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:*:*:*:*:*:*:*", matchCriteriaId: "DCBCB0A0-BC40-4E6B-BD06-A137BB964B7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:*:*:*:*:*:*", matchCriteriaId: "6FA65D4A-00C8-47E2-AF9F-6B420017CD29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"XSS scriptresx.ashx Vulnerability.\"", }, { lang: "es", value: "Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en scriptresx.ashx en Microsoft SharePoint Server 2010 Gold y SP1, SharePoint Foundation 2010 Gold y SP1, y Office Web Apps 2010 Gold y SP1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de elementos JavaScript en una URL, también conocido como \"XSS scriptresx.ashx Vulnerability.\"\r\n", }, ], id: "CVE-2012-1859", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-07-10T21:55:05.747", references: [ { source: "secure@microsoft.com", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "secure@microsoft.com", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "secure@microsoft.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA12-192A.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15589", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-21 23:15
Modified
2024-11-21 05:09
Severity ?
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105.", }, { lang: "es", value: "Existe una vulnerabilidad de suplantación de identidad cuando Microsoft SharePoint Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de SharePoint afectado, también se conoce como \"Microsoft SharePoint Spoofing Vulnerability\". Este ID de CVE es diferente de CVE-2020-1104, CVE-2020-1105.", }, ], id: "CVE-2020-1107", lastModified: "2024-11-21T05:09:45.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-21T23:15:14.790", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
Summary
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439 | Patch, Vendor Advisory | |
| secure@microsoft.com | https://www.zerodayinitiative.com/advisories/ZDI-20-874/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-874/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | sharepoint_enterprise_server | 2013 | |
| microsoft | sharepoint_enterprise_server | 2016 | |
| microsoft | sharepoint_foundation | 2013 | |
| microsoft | sharepoint_server | 2010 | |
| microsoft | sharepoint_server | 2019 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "A5D3A185-BE57-403E-914E-FDECEC3A477C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", matchCriteriaId: "9C082CC4-6128-475D-BC19-B239E348FDB2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", matchCriteriaId: "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", matchCriteriaId: "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", matchCriteriaId: "6122D014-5BF1-4AF4-8B4D-80205ED7785E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.", }, { lang: "es", value: "Se presenta una vulnerabilidad de ejecución de código remota en PerformancePoint Services para SharePoint Server cuando el software presenta un fallo al comprobar el marcado de origen de una entrada de archivo XML, también se conoce como \"PerformancePoint Services Remote Code Execution Vulnerability\"", }, ], id: "CVE-2020-1439", lastModified: "2024-11-21T05:10:33.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-14T23:15:19.387", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439", }, { source: "secure@microsoft.com", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-874/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-20-874/", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }