CVE-2018-0912

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
8.8HIGH
EPSS
9.9%
top 6.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Corporation Microsoft SharepointMicrosoft Project ServerMicrosoft Sharepoint Enterprise Server
Timeline
PublishedMar 14
Latest updateMay 13

Description

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft_corporation/microsoft_sharepointMicrosoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-jmmm-7mh8-g38q: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially c2022-05-13
CVEList
CVE-2018-0912: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially c2018-03-14

📋Vendor Advisories

1
Microsoft
Microsoft SharePoint Elevation of Privilege Vulnerability2018-03-13
CVE-2018-0912 (HIGH CVSS 8.8) | Microsoft Project Server 2013 SP1 a | cvebase.io