CVE-2018-0869 — Cross-site Scripting in Corporation Sharepoint Server

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.9%

top 25.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Sharepoint Server Microsoft Sharepoint Enterprise Server

Timeline

PublishedFeb 15

Latest updateMay 14

Description

SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmicrosoft/sharepoint_enterprise_server2016

▶CVEListV5microsoft_corporation/sharepoint_serverSharePoint Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rgxx-qm2j-46fq: SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Priv↗2022-05-14

▶

CVEList

CVE-2018-0869: SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Priv↗2018-02-15

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Elevation of Privilege Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶