CVE-2013-1290

Name: CVE-2013-1290
Creator: NVD / NIST
Published: 2013-04-09T22:55:01.127+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 16.99%

Last modified Jun 16, 2026

CVE-2013-1290 is a vulnerability of currently unknown severity. Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability.". EPSS estimates a 16.99% chance of exploitation in the next 30 days.

Description

Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."

Metrics

EPSS Probability

16.99%

96.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Microsoft	Sharepoint Server	2013

References

Timeline

Published: Apr 9, 2013
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2013-1290?

How severe is CVE-2013-1290?

Severity scoring for CVE-2013-1290 is pending analysis. The EPSS model estimates a 16.99% probability of exploitation in the next 30 days.

How do I fix CVE-2013-1290?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-1290?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST