Lucene search

[email protected]CVE-2018-0908

HistoryFeb 26, 2018 - 10:29 p.m.

CVE-2018-0908

2018-02-2622:29:00

CWE-79

[email protected]

web.nvd.nist.gov

microsoft

identity manager

2016

sp1

attacker

elevated privileges

sanitize

crafted attribute value

xss

elevation of privilege

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.4%

JSON

Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka “Microsoft Identity Manager XSS Elevation of Privilege Vulnerability.”

Affected configurations

Vulners

NVD

Node

microsoft_corporationmicrosoft_identity_manager

CPENameOperatorVersion
microsoft:identity_managermicrosoft identity managereq2016

CPE	Name	Operator	Version
microsoft:identity_manager	microsoft identity manager	eq	2016

CNA Affected

[
  {
    "product": "Microsoft Identity Manager",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Identity Manager 2016 SP1"
      }
    ]
  }
]