CVE-2020-1103
CVE-2020-1103
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 2.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
21 may 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.