vulnerability

Microsoft CVE-2018-0947: Microsoft Sharepoint Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Mar 13, 2018	Mar 13, 2018	Feb 27, 2023

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Mar 13, 2018

Added

Mar 13, 2018

Modified

Feb 27, 2023

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly verify tenant permissions. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
The attacker who successfully exploited the vulnerability could elevate permssions such that they gain full rights to the affected tenant. These attacks could allow the attacker to read content that the attacker is not authorized to read, change permissions, and edit or delete content.
The security update addresses the vulnerability by helping to ensure that SharePoint Server properly checks tenant permissions.

Solution

msft-kb4018304-2d110851-75ac-46d9-bfa1-b67b7e4b036e

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today