CVE-2018-8635 — Microsoft SharePoint Server Elevation of Privilege Vulnerability
Executive Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account. To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially-crafted message to perform a server-side request forgery attack. The update addresses the vulnerability by modifying how Microsoft SharePoint Server manages server authentication.
Overview
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4461558 (Security Update) |
Important | Elevation of Privilege | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4461541 (Security Update) |
Important | Elevation of Privilege | Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4461465 (Security Update) |
Important | Elevation of Privilege | Maybe |
Patches
| Article | Type | Restart |
|---|---|---|
4461558 |
Security Update | Maybe |
4461541 |
Security Update | Maybe |
4461465 |
Security Update | Maybe |