CVE-2013-1290Sensitive Information Exposure in Microsoft Sharepoint Server

CWE-2643 documents3 sources
Severity
3.5LOWNVD
EPSS
13.3%
top 5.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Sharepoint Server
Timeline
PublishedApr 9
Latest updateMay 14

Description

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v7rc-wwx8-7hh9: Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a Share2022-05-14
CVEList
CVE-2013-1290: Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a Share2013-04-09
CVE-2013-1290 — Sensitive Information Exposure | cvebase