CVE-2017-11876 Information

Description

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim’s identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/101754
http://www.securitytracker.com/id/1039788
http://www.securitytracker.com/id/1039789
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
