CVE-2012-1860

Published: Jul 10, 2012Modified: Apr 29, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."

Affected (7)

Products: Microsoft: Office Web Apps, Sharepoint Server

Microsoft

2 products

Office Web Apps

Sharepoint Server

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office Web Apps	Version 2010
Microsoft Office Web Apps	Version 2010 sp1
Microsoft Sharepoint Server	Version 2007 sp1
Microsoft Sharepoint Server	Version 2007 sp2
Microsoft Sharepoint Server	Version 2007 sp3
Microsoft Sharepoint Server	Version 2010
Microsoft Sharepoint Server	Version 2010 sp1

Related CWEs

CWE-264

References (4)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15265

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.