Vulnerabilities > Microsoft > Sharepoint Enterprise Server > 2013

DATE CVE VULNERABILITY TITLE RISK
2019-07-15 CVE-2019-1006 Improper Certificate Validation vulnerability in Microsoft products
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
network
low complexity
microsoft CWE-295
7.5
2019-06-12 CVE-2019-1034 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.
local
low complexity
microsoft
7.8
2019-04-09 CVE-2019-0831 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
low complexity
microsoft CWE-79
5.4
2019-03-05 CVE-2019-0670 Improper Input Validation vulnerability in Microsoft products
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.
network
low complexity
microsoft CWE-20
6.1
2019-03-05 CVE-2019-0668 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
network
low complexity
microsoft CWE-79
8.8
2019-01-08 CVE-2019-0562 Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
network
low complexity
microsoft
5.4
2018-12-12 CVE-2018-8635 Improper Input Validation vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
network
low complexity
microsoft CWE-20
8.8
2018-11-14 CVE-2018-8578 Unspecified vulnerability in Microsoft Sharepoint Enterprise Server 2013
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft
4.3
2018-10-10 CVE-2018-8518 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
2018-10-10 CVE-2018-8498 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4