CVE-2019-1202

An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted application. The security update corrects how SharePoint handles session objects to prevent user session hijacking.

Published: Aug 14, 2019
Updated: May 30, 2024
CVE: CVE-2019-1202
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
microsoft / sharepoint_foundation	2010-sp2	2010-sp2.x
microsoft / sharepoint_foundation	2013-sp1	2013-sp1.x
microsoft / sharepoint_enterprise_server	2016	2016.x
microsoft / sharepoint_server	2019	2019.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202

Vulnerability Database

289,697

CVE-2019-1202