Microsoft SharePoint Information Disclosure Vulnerability
CVE-2015-2556 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability."
Learn more about our Cis Benchmark Audit For Microsoft Sharepoint.