CVE Vulnerabilities

CVE-2008-4032

Improper Authentication

Published: Dec 10, 2008 | Modified: Oct 12, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and create scripts that would run in the context of the site via requests to administrative URIs, aka Access Control Vulnerability.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Office_sharepoint_server Microsoft 2007 2007
Office_sharepoint_server Microsoft 2007 2007
Office_sharepoint_server Microsoft 2007 2007
Office_sharepoint_server Microsoft 2007 2007
Search_server Microsoft 2008 2008
Search_server Microsoft 2008 2008

Potential Mitigations

References