10
CVE-2013-1330
- EPSS 67.3%
- Published 11.09.2013 14:03:48
- Last modified 11.04.2025 00:51:21
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
The default configuration of Microsoft SharePoint Portal Server 2003 SP3, SharePoint Server 2007 SP3 and 2010 SP1 and SP2, and Office Web Apps 2010 does not set the EnableViewStateMac attribute, which allows remote attackers to execute arbitrary code by leveraging an unassigned workflow, aka "MAC Disabled Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Foundation Version2010 Updatesp1
Microsoft ≫ Sharepoint Foundation Version2010 Updatesp2
Microsoft ≫ Sharepoint Portal Server Version2003 Updatesp3
Microsoft ≫ Sharepoint Server Version2007 Updatesp3
Microsoft ≫ Sharepoint Server Version2010 Updatesp1
Microsoft ≫ Sharepoint Server Version2010 Updatesp2
Microsoft ≫ Sharepoint Services Version2.0
Microsoft ≫ Sharepoint Services Version3.0
Microsoft ≫ Office Web Apps Version2010 Updatesp1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 67.3% | 0.985 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.