CNVD-2018-11552
Vulnerability from cnvd - Published: 2018-06-15
VLAI Severity ?
Title
Microsoft SharePoint Server远程权限提升漏洞(CNVD-2018-11552)
Description
Microsoft Project Server 2010 SP2、Project Server 2013 SP1和SharePoint Enterprise Server 2016都是美国微软(Microsoft)公司的产品。Microsoft Project Server 2010 SP2和Project Server 2013 SP1都是适用于项目组合管理(PPM)和日常工作的项目管理解决方案。SharePoint Enterprise Server 2016是一套企业业务协作平台。
Microsoft Project Server 2010 SP2、Project Server 2013 SP1和SharePoint Enterprise Server 2016中存在远程权限提升漏洞,该漏洞源于SharePoint Server未能正确的过滤特制的Web请求。攻击者可通过发送特制的请求利用该漏洞实施跨站脚本攻击,在当前用户的安全上下文中执行脚本代码,未授权读取内容,或造成其他危害。
Severity
低
Patch Name
Microsoft SharePoint Server远程权限提升漏洞(CNVD-2018-11552)的补丁
Patch Description
Microsoft Project Server 2010 SP2、Project Server 2013 SP1和SharePoint Enterprise Server 2016都是美国微软(Microsoft)公司的产品。Microsoft Project Server 2010 SP2和Project Server 2013 SP1都是适用于项目组合管理(PPM)和日常工作的项目管理解决方案。SharePoint Enterprise Server 2016是一套企业业务协作平台。
Microsoft Project Server 2010 SP2、Project Server 2013 SP1和SharePoint Enterprise Server 2016中存在远程权限提升漏洞,该漏洞源于SharePoint Server未能正确的过滤特制的Web请求。攻击者可通过发送特制的请求利用该漏洞实施跨站脚本攻击,在当前用户的安全上下文中执行脚本代码,未授权读取内容,或造成其他危害。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://portal.msrc.microsoft.com/zh-CN/security-guidance
Reference
https://portal.msrc.microsoft.com/zh-CN/security-guidance
Impacted products
| Name | ['Microsoft SharePoint Enterprise Server 2013 SP1', 'Microsoft SharePoint Enterprise Server 2016 0', 'Microsoft Project Server 2010 SP2'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "104048"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-8156"
}
},
"description": "Microsoft Project Server 2010 SP2\u3001Project Server 2013 SP1\u548cSharePoint Enterprise Server 2016\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Project Server 2010 SP2\u548cProject Server 2013 SP1\u90fd\u662f\u9002\u7528\u4e8e\u9879\u76ee\u7ec4\u5408\u7ba1\u7406\uff08PPM\uff09\u548c\u65e5\u5e38\u5de5\u4f5c\u7684\u9879\u76ee\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002SharePoint Enterprise Server 2016\u662f\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\r\n\r\nMicrosoft Project Server 2010 SP2\u3001Project Server 2013 SP1\u548cSharePoint Enterprise Server 2016\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSharePoint Server\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4\u7279\u5236\u7684Web\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u811a\u672c\u4ee3\u7801\uff0c\u672a\u6388\u6743\u8bfb\u53d6\u5185\u5bb9\uff0c\u6216\u9020\u6210\u5176\u4ed6\u5371\u5bb3\u3002",
"discovererName": "Ashar Javed of Hyundai AutoEver Europe GmbH",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-11552",
"openTime": "2018-06-15",
"patchDescription": "Microsoft Project Server 2010 SP2\u3001Project Server 2013 SP1\u548cSharePoint Enterprise Server 2016\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Project Server 2010 SP2\u548cProject Server 2013 SP1\u90fd\u662f\u9002\u7528\u4e8e\u9879\u76ee\u7ec4\u5408\u7ba1\u7406\uff08PPM\uff09\u548c\u65e5\u5e38\u5de5\u4f5c\u7684\u9879\u76ee\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002SharePoint Enterprise Server 2016\u662f\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\r\n\r\nMicrosoft Project Server 2010 SP2\u3001Project Server 2013 SP1\u548cSharePoint Enterprise Server 2016\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSharePoint Server\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4\u7279\u5236\u7684Web\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u811a\u672c\u4ee3\u7801\uff0c\u672a\u6388\u6743\u8bfb\u53d6\u5185\u5bb9\uff0c\u6216\u9020\u6210\u5176\u4ed6\u5371\u5bb3\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft SharePoint Server\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-11552\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Microsoft SharePoint Enterprise Server 2013 SP1",
"Microsoft SharePoint Enterprise Server 2016 0",
"Microsoft Project Server 2010 SP2"
]
},
"referenceLink": "https://portal.msrc.microsoft.com/zh-CN/security-guidance",
"serverity": "\u4f4e",
"submitTime": "2018-05-14",
"title": "Microsoft SharePoint Server\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-11552\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…