vulnerability
Microsoft CVE-2018-8300: Microsoft SharePoint Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Jul 10, 2018 | Jul 10, 2018 | Feb 27, 2023 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Jul 10, 2018
Added
Jul 10, 2018
Modified
Feb 27, 2023
Description
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected versions of SharePoint.
The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.
Solution
msft-kb4022243-573f4064-40d7-46b0-acf0-f1fff061a4b7
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.