VDB
CVE-2017-11876
CVE-2017-11876
PUBLISHED
CVSS 8.800000190734863 HIGH
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
EPSS 0.98% · 77.1th percentile
Risk Scores
CVSS 3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.98%
77.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | project_server | 2013 |
| microsoft | sharepoint_enterprise_server | 2016 |
| Microsoft Corporation | Microsoft Server | Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016 |
Exploit Intelligence
- DONKEY0xSHOT/CVE-2017-11882-Blocker (github-poc)
- DONKEY0xSHOT/CVE-2017-11882-Blocker (github-poc)
- DONKEY0xSHOT/CVE-2017-11882-Blocker (github-poc)
- DONKEY0xSHOT/CVE-2017-11882-Blocker (github-poc)
- Simple PoC of CVE-2017-11882 (github-poc)
- Simple PoC of CVE-2017-11882 (github-poc)
- Simple PoC of CVE-2017-11882 (github-poc)
- Simple PoC of CVE-2017-11882 (github-poc)
- CVE-2017-11882 Preventer for .docx files (github-poc)
- CVE-2017-11882 Preventer for .docx files (github-poc)
…and 154 more exploits
Timeline
- Nov 15, 2017 CVE Published
- Nov 23, 2017 PoC Published
- Dec 27, 2017 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score