(MS13-030) Vulnerability in SharePoint Could Allow Information Disclosure (2827663)

  Severity: HIGH
  CVE Identifier: CVE-2013-1290
  Advisory Date: MAY 14, 2013

  DESCRIPTION

This security update resolves a publicly disclosed vulnerability in Microsoft SharePoint Server. The vulnerability, if left unpatched, may allow information disclosure if an attacker has determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability.

The vulnerability addressed in this patch affects Microsoft SharePoint Server 2013.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Microsoft SharePoint Server 2013