cnvd-2018-11552
Vulnerability from cnvd

Title: Microsoft SharePoint Server远程权限提升漏洞(CNVD-2018-11552)

Description:

Microsoft Project Server 2010 SP2、Project Server 2013 SP1和SharePoint Enterprise Server 2016都是美国微软(Microsoft)公司的产品。Microsoft Project Server 2010 SP2和Project Server 2013 SP1都是适用于项目组合管理(PPM)和日常工作的项目管理解决方案。SharePoint Enterprise Server 2016是一套企业业务协作平台。

Microsoft Project Server 2010 SP2、Project Server 2013 SP1和SharePoint Enterprise Server 2016中存在远程权限提升漏洞,该漏洞源于SharePoint Server未能正确的过滤特制的Web请求。攻击者可通过发送特制的请求利用该漏洞实施跨站脚本攻击,在当前用户的安全上下文中执行脚本代码,未授权读取内容,或造成其他危害。

Severity:

Patch Name: Microsoft SharePoint Server远程权限提升漏洞(CNVD-2018-11552)的补丁

Patch Description:

Microsoft Project Server 2010 SP2、Project Server 2013 SP1和SharePoint Enterprise Server 2016都是美国微软(Microsoft)公司的产品。Microsoft Project Server 2010 SP2和Project Server 2013 SP1都是适用于项目组合管理(PPM)和日常工作的项目管理解决方案。SharePoint Enterprise Server 2016是一套企业业务协作平台。

Microsoft Project Server 2010 SP2、Project Server 2013 SP1和SharePoint Enterprise Server 2016中存在远程权限提升漏洞,该漏洞源于SharePoint Server未能正确的过滤特制的Web请求。攻击者可通过发送特制的请求利用该漏洞实施跨站脚本攻击,在当前用户的安全上下文中执行脚本代码,未授权读取内容,或造成其他危害。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息: https://portal.msrc.microsoft.com/zh-CN/security-guidance

Reference: https://portal.msrc.microsoft.com/zh-CN/security-guidance

Impacted products
Name
['Microsoft SharePoint Enterprise Server 2013 SP1', 'Microsoft SharePoint Enterprise Server 2016 0', 'Microsoft Project Server 2010 SP2']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "104048"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8156"
    }
  },
  "description": "Microsoft Project Server 2010 SP2\u3001Project Server 2013 SP1\u548cSharePoint Enterprise Server 2016\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Project Server 2010 SP2\u548cProject Server 2013 SP1\u90fd\u662f\u9002\u7528\u4e8e\u9879\u76ee\u7ec4\u5408\u7ba1\u7406\uff08PPM\uff09\u548c\u65e5\u5e38\u5de5\u4f5c\u7684\u9879\u76ee\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002SharePoint Enterprise Server 2016\u662f\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\r\n\r\nMicrosoft Project Server 2010 SP2\u3001Project Server 2013 SP1\u548cSharePoint Enterprise Server 2016\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSharePoint Server\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4\u7279\u5236\u7684Web\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u811a\u672c\u4ee3\u7801\uff0c\u672a\u6388\u6743\u8bfb\u53d6\u5185\u5bb9\uff0c\u6216\u9020\u6210\u5176\u4ed6\u5371\u5bb3\u3002",
  "discovererName": "Ashar Javed of Hyundai AutoEver Europe GmbH",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11552",
  "openTime": "2018-06-15",
  "patchDescription": "Microsoft Project Server 2010 SP2\u3001Project Server 2013 SP1\u548cSharePoint Enterprise Server 2016\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft Project Server 2010 SP2\u548cProject Server 2013 SP1\u90fd\u662f\u9002\u7528\u4e8e\u9879\u76ee\u7ec4\u5408\u7ba1\u7406\uff08PPM\uff09\u548c\u65e5\u5e38\u5de5\u4f5c\u7684\u9879\u76ee\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002SharePoint Enterprise Server 2016\u662f\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\r\n\r\nMicrosoft Project Server 2010 SP2\u3001Project Server 2013 SP1\u548cSharePoint Enterprise Server 2016\u4e2d\u5b58\u5728\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSharePoint Server\u672a\u80fd\u6b63\u786e\u7684\u8fc7\u6ee4\u7279\u5236\u7684Web\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u811a\u672c\u4ee3\u7801\uff0c\u672a\u6388\u6743\u8bfb\u53d6\u5185\u5bb9\uff0c\u6216\u9020\u6210\u5176\u4ed6\u5371\u5bb3\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft SharePoint Server\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-11552\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft SharePoint Enterprise Server 2013 SP1",
      "Microsoft SharePoint Enterprise Server 2016 0",
      "Microsoft Project Server 2010 SP2"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/zh-CN/security-guidance",
  "serverity": "\u4f4e",
  "submitTime": "2018-05-14",
  "title": "Microsoft SharePoint Server\u8fdc\u7a0b\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2018-11552\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.