vulnerability

Microsoft CVE-2020-1103: Microsoft SharePoint Information Disclosure Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	May 12, 2020	May 12, 2020	Feb 27, 2023

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

May 12, 2020

Added

May 12, 2020

Modified

Feb 27, 2023

Description

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

Solution

msft-kb4484364-305add0d-bc8d-4b1c-89b6-798c7fa22cad

References

CVE-2020-1103
https://attackerkb.com/topics/CVE-2020-1103
MSKB-4484332
MSKB-4484336
MSKB-4484364

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today