Endpoint Vulnerability

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account. To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially-crafted message to perform a server-side request forgery attack. The update addresses the vulnerability by modifying how Microsoft SharePoint Server manages server authentication.

Affected Products

Microsoft SharePoint Server 2010 Service Pack 2,Microsoft SharePoint Enterprise Server 2013 Service Pack 1,Microsoft SharePoint Enterprise Server 2016

References

CVE-2018-8635,