Security feature bypass vulnerability in Microsoft SharePoint - CVE-2015-6117ID: oval:org.secpod.oval:def:32606 | Date: (C)2016-01-14 (M)2023-05-09 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft SharePoint Foundation or Server 2013 and is prone to a security feature bypass vulnerability. The flaws are present in the Microsoft SharePoint when Access Control Policy (ACP), which fails to handle modification of webpart. Successful exploitation could allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks.
Platform: |
Microsoft Windows 7 |
Microsoft Windows 8 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2008 R2 |
Product: |
Microsoft SharePoint Server 2013 |
Microsoft SharePoint Foundation 2013 |