vulnerability

Microsoft CVE-2018-8635: Microsoft SharePoint Server Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Dec 11, 2018	Dec 11, 2018	Feb 27, 2023

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Dec 11, 2018

Added

Dec 11, 2018

Modified

Feb 27, 2023

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account.
To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially-crafted message to perform a server-side request forgery attack.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server manages server authentication.

Solutions

msft-kb4461465-663e89bd-9f32-4a42-9e2f-a68dc4ddab22msft-kb4461558-0b65745b-1ab0-4f21-8f42-c596d73b2182

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report