Microsoft SharePoint Enterprise Server 2016 Multiple Vulnerabilities (KB4475520)
Severity Level: High Severity
CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Summary: This host is missing an important security
update according to Microsoft KB4475520
Detection Method: Checks if a vulnerable version is present
on the target host.
Technical Details: Multiple flaws exist:
- An authentication bypass vulnerability exists in Windows Communication
Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing
of SAML tokens with arbitrary symmetric keys.
- A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint
Server does not properly sanitize a specially crafted web request to an affected
Impact: Successful exploitation will allow an attacker
to perform cross-site scripting attacks on affected systems, run script in
the security context of the current user, read content that the attacker is
not authorized to read, and use the victim's identity to take actions on the
SharePoint site on behalf of the user.
Affected Versions: Microsoft SharePoint Enterprise Server 2016
Recommendations: The vendor has released updates. Please see
the references for more information.
Solution Type: Vendor Patch
Detection Type: Executable
CVSS Score: 9.3
Family: Windows : Microsoft Bulletins
Creation Time: 2019-07-10 07:57:24
Modification Time: 2019-07-10 14:00:44
NVD CVE ID: