CVE-2017-11876

Summary

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".

Affected Software

VendorProductVersion RangeStatus
Microsoft CorporationMicrosoft ServerMicrosoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016affected

Weaknesses

  • Elevation of Privilege

ADP Enrichment

CVE Program Container

Additional References

References