CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-1860

Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.8%

CVSS Severity

CVSS v2 Score 5.5

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265

Products affected by CVE-2012-1860

Microsoft » Office Web Apps » Version: 2010

cpe:2.3:a:microsoft:office_web_apps:2010
Microsoft » Sharepoint Server » Version: 2007

cpe:2.3:a:microsoft:sharepoint_server:2007
Microsoft » Sharepoint Server » Version: 2010

cpe:2.3:a:microsoft:sharepoint_server:2010

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-1860

Products

Pricing

Contact Us