CVE-2019-1202

Summary

An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted application. The security update corrects how SharePoint handles session objects to prevent user session hijacking.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft SharePoint Enterprise Server 201616.0.0 < publicationaffected
MicrosoftMicrosoft SharePoint Foundation 2010 Service Pack 213.0.0 < publicationaffected
MicrosoftMicrosoft SharePoint Foundation 2013 Service Pack 115.0.0 < publicationaffected
MicrosoftMicrosoft SharePoint Server 201916.0.0 < publicationaffected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References