Microsoft SharePoint Server CVE-2018-8635 Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account. To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially crafted message to perform a server-side request forgery attack. The update addresses the vulnerability by modifying how Microsoft SharePoint Server manages server authentication.

Affected Applications

Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016

CVE References

CVE-2018-8635