Lucene search

MicrosoftCVE-2018-0921

HistoryMar 14, 2018 - 5:29 p.m.

CVE-2018-0921

2018-03-1417:29:02

CWE-79

microsoft

web.nvd.nist.gov

microsoft

sharepoint

enterprise

server

2016

elevation

privilege

vulnerability

web requests

sanitized

cve-2018-0921

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.013

Percentile

86.1%

JSON

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka “Microsoft SharePoint Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

Affected configurations

Nvd

Vulners

Node

microsoftsharepoint_enterprise_serverMatch2016

VendorProductVersionCPE
microsoftsharepoint_enterprise_server2016cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	sharepoint_enterprise_server	2016	cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:::::::*

CNA Affected

[
  {
    "product": "Microsoft SharePoint",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft SharePoint Enterprise Server 2016"
      }
    ]
  }
]