CVE-2018-0923

moderate-risk

Published 2018-03-14

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947.

Do I need to act?

9.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (2)

Sharepoint Enterprise Server

Affected Vendors

Microsoft

References (6)

Third Party Advisory http://www.securityfocus.com/bid/103308

Third Party Advisory http://www.securitytracker.com/id/1040513

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0923

Third Party Advisory http://www.securityfocus.com/bid/103308

Third Party Advisory http://www.securitytracker.com/id/1040513

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0923

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 11/34 · Low

Exposure 7/34 · Low