7.5

CVE-2008-4032

EPSS 59.43%
Published 10.12.2008 14:00:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Office Sharepoint Server Version2007 Editionx32

Microsoft ≫ Office Sharepoint Server Version2007 Editionx64

Microsoft ≫ Office Sharepoint Server Version2007 Updatesp1 Editionx32

Microsoft ≫ Office Sharepoint Server Version2007 Updatesp1 Editionx64

Microsoft ≫ Search Server Version2008 Editionx32

Microsoft ≫ Search Server Version2008 Editionx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	59.43%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.us-cert.gov/cas/techalerts/TA08-344A.html

US Government Resource

http://secunia.com/advisories/33063

http://www.securitytracker.com/id?1021367

http://www.vupen.com/english/advisories/2008/3389

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-077

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5774

https://nvd.nist.gov/vuln/detail/CVE-2008-4032

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4032

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4032

EUVD