CVE-2018-8580
MEDIUM EXPLOITED IN THE WILDMicrosoft SharePoint - Info Disclosure
Title source: llmExploitation Summary
CVE-2018-8580 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106096
Scores
CVSS v3
4.3
EPSS
0.0430
EPSS Percentile
89.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
VulnCheck KEV
2021-01-21
InTheWild.io
2019-01-02
CWE
CWE-200
Status
published
Products (3)
microsoft/sharepoint_server
2010 sp2
microsoft/sharepoint_server
2013 sp1
microsoft/sharepoint_server
2016
Published
Dec 12, 2018
Tracked Since
Feb 18, 2026