4.4
CVE-2019-1202
- EPSS 0.6%
- Published 14.08.2019 21:15:18
- Last modified 21.11.2024 04:36:14
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted application. The security update corrects how SharePoint handles session objects to prevent user session hijacking.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Enterprise Server Version2016
Microsoft ≫ Sharepoint Foundation Version2010 Updatesp2
Microsoft ≫ Sharepoint Foundation Version2013 Updatesp1
Microsoft ≫ Sharepoint Server Version2019
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.6% | 0.684 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.4 | 1.8 | 2.5 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:P/I:P/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.