Important 2018-11 archive

Executive Summary

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability. The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
N/A
MS Exploit Likelihood
Category Information Disclosure
Released Nov 13 2018
Last Updated Nov 13 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

1 affected product
Product KB Article Severity Impact Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4461483 (Security Update) Important Information Disclosure Maybe

Patches

1 patch
Article Type Restart
4461483 Security Update Maybe

Known Exploits

Acknowledgments

None