CVE-2017-11876
Description
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victims identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka Microsoft Project Server Elevation of Privilege Vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.976
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Microsoft Project Server Elevation of Privilege Vulnerability for Microsoft Project Server 2013 (KB4011257) | Windows |
| Microsoft Project Server Elevation of Privilege Vulnerability for Microsoft SharePoint Enterprise Server 2016 (KB4011244) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-23455 | Security Update for Microsoft SharePoint Enterprise Server 2016 (KB4011244) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234