Endpoint Vulnerability

Microsoft Project Server Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery(CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site.

Affected Products

Microsoft Project Server 2013 Service Pack 1,Microsoft SharePoint Enterprise Server 2016

References

CVE-2017-11876,