MS13-030: Vulnerability in SharePoint Could Allow Information Disclosure (2827663)

medium Nessus Plugin ID 65877

Synopsis

The version of SharePoint running on the remote host has an information disclosure vulnerability.

Description

The version of Microsoft SharePoint Server 2013 on the remote host is affected by an information disclosure vulnerability due to a flaw in the way SharePoint server enforces access controls on specific SharePoint Lists.

Solution

Microsoft has released a patch for SharePoint Server 2013.

See Also

http://www.nessus.org/u?e52365b9

Plugin Details

Severity: Medium

ID: 65877

File Name: smb_nt_ms13-030.nasl

Version: 1.12

Type: local

Agent: windows

Published: 4/10/2013

Updated: 1/28/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2013-1290

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:sharepoint_foundation, cpe:/a:microsoft:sharepoint_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2013

Vulnerability Publication Date: 4/9/2013

Reference Information

CVE: CVE-2013-1290

BID: 58844

MSFT: MS13-030

MSKB: 2737969