Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-1202)

Description

An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted application. The security update corrects how SharePoint handles session objects to prevent user session hijacking.

Remediation

References

Related Vulnerabilities

MySQL CVE-2016-0666 Vulnerability (CVE-2016-0666)

WordPress Plugin Weather for us-animated weather widget Crypto Mining (1.8)

Drupal Core 7.x Cross-Site Scripting (7.0 - 7.69)

Joomla Missing Authorization Vulnerability (CVE-2020-10239)

Oracle Application Server CVE-2007-5521 Vulnerability (CVE-2007-5521)

Severity

Medium

Classification

CVE-2019-1202 CWE-200 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities