CVE-2013-1290 Information

Description

Microsoft SharePoint Server 2013 in certain configurations involving legacy My Sites does not properly establish default access controls for a SharePoint list which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list’s location aka \Incorrect Access Rights Information Disclosure Vulnerability.\

Reference

http://www.us-cert.gov/ncas/alerts/TA13-100A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-030 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A15758