| Vulnerability Name: | CVE-2008-4032 (CCN-46854) | ||||||||
| Assigned: | 2008-12-09 | ||||||||
| Published: | 2008-12-09 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability." | ||||||||
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-287 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-4032 Source: CCN Type: HP Security Bulletin HPSBST02394 SSRT080183 rev.1 Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-070 to MS08-077 Source: CCN Type: SA33063 Microsoft Office SharePoint Server Security Bypass Vulnerability Source: SECUNIA Type: UNKNOWN 33063 Source: CCN Type: SECTRACK ID: 1021367 Microsoft Office SharePoint Server Access Control Flaw Lets Remote Users Gain Administrative Access Source: CCN Type: ASA-2008-477 MS08-077 Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) Source: CCN Type: Microsoft Security Bulletin MS08-077 Vulnerability in Microsoft Office Sharepoint Server Could Cause Elevation of Privilege (957175) Source: CCN Type: Microsoft Security Bulletin MS10-039 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554) Source: CCN Type: Microsoft Security Bulletin MS10-072 Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) Source: CCN Type: BID-32638 Microsoft SharePoint Server Unauthorized Access Vulnerability Source: SECTRACK Type: UNKNOWN 1021367 Source: CERT Type: US Government Resource TA08-344A Source: VUPEN Type: UNKNOWN ADV-2008-3389 Source: MS Type: UNKNOWN MS08-077 Source: XF Type: UNKNOWN ms-sharepoint-privilege-escalation(46854) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:5774 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||