CVE-2017-11876 (CNNVD-201711-505)
中文标题:
Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制漏洞
英文标题:
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cr...
漏洞描述
中文描述:
Microsoft Project Server和Microsoft SharePoint Enterprise Server 2016都是美国微软(Microsoft)公司的产品。Microsoft Project Server是一套适用于项目组合管理(PPM)和日常工作的项目管理解决方案。SharePoint Enterprise Server 2016是一套企业业务协作平台。 Microsoft Project Server和SharePoint Enterprise Server 2016中存在提权漏洞,该漏洞源于程序没有正确的管理用户会话。远程攻击者可利用该漏洞未授权读取内容并执行操作(更改权限、删除内容或向浏览器中注入恶意的内容)。
英文描述:
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Microsoft Corporation | Microsoft Server | Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016 | - | - |
cpe:2.3:a:microsoft_corporation:microsoft_server:microsoft_project_server_2013,_microsoft_sharepoint_enterprise_server_2016:*:*:*:*:*:*:*
|
| microsoft | project_server | 2013 | - | - |
cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*
|
| microsoft | sharepoint_enterprise_server | 2016 | - | - |
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2017-11876 |
2025-11-11 15:19:17 | 2025-11-11 07:34:33 |
| NVD | nvd_CVE-2017-11876 |
2025-11-11 14:55:33 | 2025-11-11 07:43:12 |
| CNNVD | cnnvd_CNNVD-201711-505 |
2025-11-11 15:09:55 | 2025-11-11 07:53:25 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 跨站请求伪造
- cnnvd_id: 未提取 -> CNNVD-201711-505
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 8.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 1 -> 3
- data_sources: ['cve'] -> ['cve', 'nvd']