Important 2018-12 archive

Executive Summary

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account. To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially-crafted message to perform a server-side request forgery attack. The update addresses the vulnerability by modifying how Microsoft SharePoint Server manages server authentication.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Exploitation Unlikely
MS Exploit Likelihood
Category Elevation of Privilege
Released Dec 11 2018
Last Updated Dec 11 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

3 affected products
Product KB Article Severity Impact Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4461558 (Security Update) Important Elevation of Privilege Maybe
Microsoft SharePoint Enterprise Server 2016 4461541 (Security Update) Important Elevation of Privilege Maybe
Microsoft SharePoint Server 2010 Service Pack 2 4461465 (Security Update) Important Elevation of Privilege Maybe

Patches

3 patches
Article Type Restart
4461558 Security Update Maybe
4461541 Security Update Maybe
4461465 Security Update Maybe

Known Exploits

Acknowledgments