vulnerability

Microsoft CVE-2019-1259: Microsoft SharePoint Spoofing Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	2019-09-10	2019-09-10	2023-02-27

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

2019-09-10

Added

2019-09-10

Modified

2023-02-27

Description

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).
To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.

Solution

msft-kb4484098-da8f3e69-0440-4bde-86fc-2250e6418ac0

References

CVE-2019-1259
https://attackerkb.com/topics/CVE-2019-1259
MSKB-4484098

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today