2013-04-09 22:00:00
microsoft
PUBLISHED
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a lists location, aka "Incorrect Access Rights Information Disclosure Vulnerability."