CVE-2018-0947

Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944.

Published: Mar 14, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-0947
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / sharepoint_enterprise_server	2016	2016.x
microsoft / sharepoint_enterprise_server	2013-sp1	2013-sp1.x

http://www.securityfocus.com/bid/103306
http://www.securitytracker.com/id/1040513
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0947

Vulnerability Database

289,697

CVE-2018-0947