Lucene search

[email protected]CVE-2017-11876

HistoryNov 15, 2017 - 3:29 a.m.

CVE-2017-11876

2017-11-1503:29:01

CWE-352

[email protected]

web.nvd.nist.gov

microsoft

project server

sharepoint

enterprise server

2016

cross-site forgery

elevation of privilege

vulnerability

cve-2017-11876

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.9%

JSON

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim’s identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka “Microsoft Project Server Elevation of Privilege Vulnerability”.

Affected configurations

Vulners

NVD

Node

microsoft_corporationmicrosoft_server

CPENameOperatorVersion
microsoft:project_servermicrosoft project servereq2013
microsoft:sharepoint_enterprise_servermicrosoft sharepoint enterprise servereq2016

CPE	Name	Operator	Version
microsoft:project_server	microsoft project server	eq	2013
microsoft:sharepoint_enterprise_server	microsoft sharepoint enterprise server	eq	2016

CNA Affected

[
  {
    "product": "Microsoft Server",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016"
      }
    ]
  }
]