vulnerability

Microsoft CVE-2019-1261: Microsoft SharePoint Spoofing Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Sep 10, 2019	Sep 10, 2019	Feb 27, 2023

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Sep 10, 2019

Added

Sep 10, 2019

Modified

Feb 27, 2023

Description

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).
To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes user web requests.

Solution

msft-kb4484098-da8f3e69-0440-4bde-86fc-2250e6418ac0

References

CVE-2019-1261
https://attackerkb.com/topics/CVE-2019-1261
MSKB-4475590
MSKB-4475596
MSKB-4484098

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today