CVE-2017-11876 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-11876 PUBLISHED CVSS 8.800000190734863 HIGH

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".

EPSS 0.98% · 76.6th percentile

Risk Scores

CVSS v3.0

8.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.98%

76.6th percentile

Affected Products

Vendor	Product	Versions
microsoft	project_server	2013
microsoft	sharepoint_enterprise_server	2016
Microsoft Corporation	Microsoft Server	Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016

Timeline

Nov 15, 2017 CVE Published
Nov 23, 2017 PoC Published
Dec 27, 2017 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/ advisory
1039789 vdb
1039788 vdb
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876 url
101754 vdb
https://nvd.nist.gov/vuln/detail/CVE-2017-11876 advisory

Open in Interactive Console →