Mageni Security Scanner Plugin

We can help you to find and fix this vulnerability for free.

Microsoft SharePoint Enterprise Server 2013 Multiple Vulnerabilities(KB4475522)

  • Severity Level:
    High Severity
  • CVSS Base Vector:
    AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Summary:
    This host is missing an important security update according to Microsoft KB4475522

  • Detection Method:
    Checks if a vulnerable version is present on the target host.

  • Technical Details:
    Multiple flaws due to, - An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys. - A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server.

  • Impact:
    Successful exploitation will allow an attacker to perform cross-site scripting attacks on affected systems and run script in the security context of the current user and read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user.

  • Affected Versions:
    Microsoft SharePoint Enterprise Server 2013 Service Pack 1

  • Recommendations:
    The vendor has released updates. Please see the references for more information.

  • Solution Type:
    Vendor Patch

  • Detection Type:
    Executable

  • CVSS Score:
    9.3
  • Family:
    Windows : Microsoft Bulletins
  • Creation Time:
    2019-07-10 07:37:37
  • Modification Time:
    2019-07-10 14:00:44
  • NVD CVE ID:
    CVE-2019-1134
    CVE-2019-1006
  • BID:
    109028, 108978
  • Keyword Search

    Search CVEs, Products and Vendors.

    Plugin Statistics

    Total Plugins: 66,687

    Download Mageni Vulnerability Platform

    Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage the vulnerabilities.