CVE-2018-8578

4 documents4 sources
Severity
4.3MEDIUM
EPSS
10.0%
top 6.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Microsoft SharepointMicrosoft Sharepoint Enterprise Server
Timeline
PublishedNov 14
Latest updateMay 13

Description

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5microsoft/microsoft_sharepointEnterprise Server 2013 Service Pack 1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-xj2f-r9jm-5w6p: An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web2022-05-13
CVEList
CVE-2018-8578: An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web2018-11-14

📋Vendor Advisories

1
Microsoft
Microsoft SharePoint Information Disclosure Vulnerability2018-11-13
CVE-2018-8578 (MEDIUM CVSS 4.3) | An information disclosure vulnerabi | cvebase.io