CVE-2013-1290

Description

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a lists location, aka Incorrect Access Rights Information Disclosure Vulnerability.

Risk Information

Base Score

7.5

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

13.302

Associated Vulnerability

Vulnerability	OS Platform
Security Update for Microsoft SharePoint Enterprise Server 2013 (KB2737969)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-13421	Security Update for Microsoft SharePoint Enterprise Server 2013 (KB2737969)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234