CVE-2018-8580

MEDIUM EXPLOITED IN THE WILD

Microsoft SharePoint - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-8580 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106096

Scores

CVSS v3 4.3
EPSS 0.0430
EPSS Percentile 89.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2021-01-21
InTheWild.io 2019-01-02
CWE
CWE-200
Status published
Products (3)
microsoft/sharepoint_server 2010 sp2
microsoft/sharepoint_server 2013 sp1
microsoft/sharepoint_server 2016
Published Dec 12, 2018
Tracked Since Feb 18, 2026