CVE-2019-1202
MEDIUMMicrosoft SharePoint - Authenticated Session Hijacking via Session Object Handling
Title source: llmDescription
An information disclosure vulnerability exists in the way Microsoft SharePoint handles session objects. An authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit this vulnerability, the attacker could run a specially crafted application. The security update corrects how SharePoint handles session objects to prevent user session hijacking.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1202
Scores
CVSS v3
4.4
EPSS
0.0159
EPSS Percentile
72.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-200
Status
published
Products (4)
microsoft/sharepoint_enterprise_server
2016
microsoft/sharepoint_foundation
2010 sp2
microsoft/sharepoint_foundation
2013 sp1
microsoft/sharepoint_server
2019
Published
Aug 14, 2019
Tracked Since
Feb 18, 2026