CVE-2017-11876
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
Published
2017-11-15T03:29:01.733
Last Modified
2025-04-20T01:37:25.860
Status
Deferred
Source
[email protected]
Severity
CVSSv3.0: 8.8 (HIGH)
CVSSv2 Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
Exploitability Score
8.6
Impact Score
6.4
Weaknesses
Affected Vendors & Products
References
-
http://www.securityfocus.com/bid/101754
Third Party Advisory, VDB Entry
([email protected])
-
http://www.securitytracker.com/id/1039788
Third Party Advisory, VDB Entry
([email protected])
-
http://www.securitytracker.com/id/1039789
Third Party Advisory, VDB Entry
([email protected])
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876
Issue Tracking, Patch, Vendor Advisory
([email protected])
-
http://www.securityfocus.com/bid/101754
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securitytracker.com/id/1039788
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securitytracker.com/id/1039789
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876
Issue Tracking, Patch, Vendor Advisory
(af854a3a-2127-422b-91ae-364da2661108)