CVE-2018-8568

MEDIUM5.4Cross-site scripting

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

Microsoft / Microsoft SharePointEnterprise Server 2013 Service Pack 1 – Enterprise Server 2013 Service Pack 1
Microsoft / Microsoft SharePointEnterprise Server 2016 – Enterprise Server 2016
Microsoft / Microsoft SharePoint Server2019 – 2019

References

MISChttp://www.securityfocus.com/bid/105829
VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568
MISChttp://www.securitytracker.com/id/1042136