CVE-2019-1202
Description
An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.To exploit this vulnerability, the attacker could run a specially crafted application.The security update corrects how SharePoint handles session objects to prevent user session hijacking.
Risk Information
Base Score
4.4
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.599
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft SharePoint Information Disclosure Vulnerability for Microsoft SharePoint Foundation 2010 (KB4475575) | Windows |
| SharePoint Information Disclosure Vulnerability for Microsoft SharePoint Foundation 2013 (KB4475565) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-27290 | Security Update for Microsoft SharePoint Foundation 2013 (KB4475565) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234