Vulnerability Description
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Project Server | 2013 |
| Microsoft | Sharepoint Enterprise Server | 2016 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101754Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039788Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039789Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1187Issue TrackingPatchVendor Advisory
- http://www.securityfocus.com/bid/101754Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039788Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039789Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1187Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2017-11876?
CVE-2017-11876 is a vulnerability with a CVSS score of 8.8 (HIGH). Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to ...
How severe is CVE-2017-11876?
CVE-2017-11876 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-11876?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Project Server, Microsoft Sharepoint Enterprise Server.