Microsoft CVE-2018-8635: Microsoft SharePoint Server Elevation of Privilege Vulnerability

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published: 2018-12-11
Added: 2018-12-11
Modified: 2023-02-27

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account.
To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially crafted message to perform a server-side request forgery attack.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server manages server authentication.

Solution(s)

msft-kb4461465-663e89bd-9f32-4a42-9e2f-a68dc4ddab22
msft-kb4461558-0b65745b-1ab0-4f21-8f42-c596d73b2182