CVE-2017-11876: CSRF
First published: Wed Nov 15 2017(Updated: )
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Project Server | =2013-sp1 | |
| Microsoft SharePoint Enterprise Server | =2016 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/tags
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft project server
- version/microsoft project server/2013-sp1
- canonical/microsoft sharepoint enterprise server
- version/microsoft sharepoint enterprise server/2016