Vulnerability Name: | CVE-2018-0789 (CCN-136916) | ||||||||||||
Assigned: | 2017-12-01 | ||||||||||||
Published: | 2018-01-09 | ||||||||||||
Updated: | 2019-10-03 | ||||||||||||
Summary: | Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790. | ||||||||||||
CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
| ||||||||||||
Vulnerability Type: | CWE-noinfo | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-0789 Source: BID Type: Third Party Advisory, VDB Entry 102394 Source: CCN Type: BID-102394 Microsoft SharePoint Server CVE-2018-0789 Remote Privilege Escalation Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040150 Source: XF Type: UNKNOWN ms-sharepoint-cve20180789-priv-esc(136916) Source: CCN Type: Microsoft Security TechCenter - January 2018 Microsoft SharePoint Elevation of Privilege Vulnerability Source: CONFIRM Type: Patch, Vendor Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0789 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |