CVE-2019-1202

Published: Aug 14, 2019Modified: Feb 20, 2026

4.4

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 1.8 / Impact: 2.5

Source: NVD

Description

An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted application. The security update corrects how SharePoint handles session objects to prevent user session hijacking.

Affected (4)

Products: Microsoft: Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server

Microsoft

3 products

Sharepoint Enterprise Server

Sharepoint Foundation

Sharepoint Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Enterprise Server	Version 2016
Microsoft Sharepoint Foundation	Version 2010 sp2
Microsoft Sharepoint Foundation	Version 2013 sp1
Microsoft Sharepoint Server	Version 2019

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.