CVE-2018-0916 Information

Description

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized aka \Microsoft SharePoint Elevation of Privilege Vulnerability. This CVE is unique from CVE-2018-0909 CVE-2018-0910. CVE-2018-0911 CVE-2018-0912 CVE-2018-0913 CVE-2018-0914 CVE-2018-0915 CVE-2018-0917 CVE-2018-0921 CVE-2018-0923 CVE-2018-0944 and CVE-2018-0947.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/103294 http://www.securitytracker.com/id/1040513 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0916

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8