Important 2018-04 archive

Executive Summary

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted URL to a user of an affected SharePoint server. An attacker who successfully exploited the vulnerability could redirect users who are trying to access Silverlight content on an affected SharePoint server to malicious content if the targeted user does not already have Silverlight installed. This vulnerability requires that the user does not have Silverlight installed, clicks the specially crafted URL from the attacker, and clicks the link provided on SharePoint page to download Silverlight. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Exploitation Unlikely
MS Exploit Likelihood
Category Elevation of Privilege
Released Apr 10 2018
Last Updated Apr 10 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

2 affected products
Product KB Article Severity Impact Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4018342 (Security Update) Important Elevation of Privilege Maybe
Microsoft SharePoint Enterprise Server 2016 4018336 (Security Update) Important Elevation of Privilege Maybe

Patches

2 patches
Article Type Restart
4018342 Security Update Maybe
4018336 Security Update Maybe

Known Exploits

Acknowledgments