vulnerability
Microsoft SharePoint: CVE-2020-1103: Microsoft SharePoint Information Disclosure Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 2020-05-21 | 2023-05-15 | 2023-05-15 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
2020-05-21
Added
2023-05-15
Modified
2023-05-15
Description
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
Solution(s)
microsoft-sharepoint-sharepoint_2016-kb4484336microsoft-sharepoint-sharepoint_2019-kb4484332
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.