CVE-2018-0911
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
Microsoft Project Server 2013 SP1 y Microsoft SharePoint Enterprise Server 2016 permiten una vulnerabilidad de elevaciĆ³n de privilegios debido a la forma en la que se sanean las peticiones web especialmente manipuladas. Esto tambiĆ©n se conoce como "Microsoft SharePoint Elevation of Privilege Vulnerability". El ID de este CVE es diferente de CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 y CVE-2018-0947.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-01 CVE Reserved
- 2018-03-14 CVE Published
- 2024-01-22 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103281 | Third Party Advisory | |
http://www.securitytracker.com/id/1040513 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0911 | 2019-10-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Project Server Search vendor "Microsoft" for product "Project Server" | 2013 Search vendor "Microsoft" for product "Project Server" and version "2013" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Sharepoint Enterprise Server Search vendor "Microsoft" for product "Sharepoint Enterprise Server" | 2016 Search vendor "Microsoft" for product "Sharepoint Enterprise Server" and version "2016" | - |
Affected
|