Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft SharePoint Server vulnerability could allow information disclosure


Report ID: MS201304003
Date Published: 10 April 2013

Criticality: Important
Compromise Type: information-disclosure
Compromise From: remote


Affected Product/Component:

Microsoft SharePoint Server 2013 (coreserverloc)




Summary

A vulnerability in Microsoft SharePoint Server could lead to information disclosure, where the attacker could be able to access sensitive documents.



Detailed Description

Microsoft has released a security update to address an information disclosure vulnerability that was reported found in the SharePoint Server. The vulnerability was caused by the way that SharePoint applies access controls to a list. If successfully exploited, an attacker could be able to access sensitive documents.

This issue has beed resolved by making a correction on the way that default access control are applied to the SharePoint list. Users are recommended to install the latest update as a protection measure against possible exploit attempts.



CVE Reference

CVE-2013-1290



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-030)




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.