CVE-2018-0923

Published: Mar 14, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947.

Affected (2)

Products: Microsoft: Sharepoint Enterprise Server

1 product

Sharepoint Enterprise Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Enterprise Server	Version 2013 sp1
Microsoft Sharepoint Enterprise Server	Version 2016

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securityfocus.com/bid/103308

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040513

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0923

Source: secure@microsoft.com

PatchVendor Advisory

http://www.securityfocus.com/bid/103308

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040513

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0923

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.