CVE-2018-8300

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.8HIGH

EPSS

22.9%

top 4.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Sharepoint Microsoft Sharepoint Enterprise Server

Timeline

PublishedJul 11

Latest updateMay 14

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5microsoft/microsoft_sharepointEnterprise Server 2016, Foundation 2013 Service Pack 1+1

▶NVDmicrosoft/sharepoint_enterprise_server2013, 2016+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r894-c8ph-2pv7: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka↗2022-05-14

▶

CVEList

CVE-2018-8300: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka↗2018-07-11

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Remote Code Execution Vulnerability↗2018-07-10

▶