Search

Find a vulnerability

Search criteria

    70 vulnerabilities found for Microsoft SharePoint by Microsoft

    CVE-2019-0585 (GCVE-0-2019-0585)

    Vulnerability from nvd – Published: 2019-01-08 21:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Word Affected: Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2016 for Mac
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Affected: Web Apps Server 2010 Service Pack 2
    Create a notification for this product.
    Microsoft Microsoft Office Word Viewer Affected: Microsoft Office Word Viewer
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Office Online Server Affected: Microsoft Office Online Server
    Create a notification for this product.
    Microsoft Microsoft Word Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Affected: 2019
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585"
              },
              {
                "name": "106392",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106392"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Word",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                },
                {
                  "status": "affected",
                  "version": "Web Apps Server 2010 Service Pack 2"
                }
              ]
            },
            {
              "product": "Microsoft Office Word Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Office Word Viewer"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Office Online Server"
                }
              ]
            },
            {
              "product": "Microsoft Word",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585"
            },
            {
              "name": "106392",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106392"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0585",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Word",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              },
                              {
                                "version_value": "Web Apps Server 2010 Service Pack 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office Word Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Office Word Viewer"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office Online Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Office Online Server"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Word",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585"
                },
                {
                  "name": "106392",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106392"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0585",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0562 (GCVE-0-2019-0562)

    Vulnerability from nvd – Published: 2019-01-08 21:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Server Affected: 2019
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562"
              },
              {
                "name": "106400",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106400"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562"
            },
            {
              "name": "106400",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106400"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0562",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562"
                },
                {
                  "name": "106400",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106400"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0562",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0558 (GCVE-0-2019-0558)

    Vulnerability from nvd – Published: 2019-01-08 21:00 – Updated: 2025-02-28 20:14
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558"
              },
              {
                "name": "106389",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106389"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0558",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-18T17:32:58.604706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:14:09.112Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            },
            {
              "product": "Microsoft Business Productivity Servers",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558"
            },
            {
              "name": "106389",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106389"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Business Productivity Servers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558"
                },
                {
                  "name": "106389",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106389"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0558",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:14:09.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0557 (GCVE-0-2019-0557)

    Vulnerability from nvd – Published: 2019-01-08 21:00 – Updated: 2025-02-28 20:14
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106388",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106388"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0557",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-18T17:32:58.604706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:14:19.617Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106388",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106388"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0557",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106388",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106388"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0557",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:14:19.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0556 (GCVE-0-2019-0556)

    Vulnerability from nvd – Published: 2019-01-08 21:00 – Updated: 2025-02-28 20:14
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106387"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0556",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-18T17:32:58.604706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:14:35.453Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106387",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106387"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0556",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106387",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106387"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0556",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:14:35.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8650 (GCVE-0-2018-8650)

    Vulnerability from nvd – Published: 2018-12-12 14:00 – Updated: 2025-02-28 20:14
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650"
              },
              {
                "name": "106170",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106170"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-8650",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-18T17:32:58.604706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:14:50.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-13T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650"
            },
            {
              "name": "106170",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8650",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650"
                },
                {
                  "name": "106170",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8650",
        "datePublished": "2018-12-12T14:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:14:50.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8635 (GCVE-0-2018-8635)

    Vulnerability from nvd – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Server Affected: 2010 Service Pack 2
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106121",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106121"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka \"Microsoft SharePoint Server Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106121",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106121"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8635",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka \"Microsoft SharePoint Server Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106121",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106121"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8635",
        "datePublished": "2018-12-12T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8628 (GCVE-0-2018-8628)

    Vulnerability from nvd – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Office Affected: 2016 for Mac
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Affected: Compatibility Pack Service Pack 3
    Affected: Web Apps 2010 Service Pack 2
    Affected: Web Apps 2013 Service Pack 1
    Create a notification for this product.
    Microsoft Microsoft PowerPoint Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Create a notification for this product.
    Microsoft Microsoft PowerPoint Viewer Affected: Microsoft PowerPoint Viewer
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Office Online Server Affected: Office Online Server
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Affected: 2013 Service Pack 1
    Affected: 2019
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
              },
              {
                "name": "106104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                },
                {
                  "status": "affected",
                  "version": "Compatibility Pack Service Pack 3"
                },
                {
                  "status": "affected",
                  "version": "Web Apps 2010 Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "Web Apps 2013 Service Pack 1"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft PowerPoint Viewer"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Office Online Server"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
            },
            {
              "name": "106104",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106104"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              },
                              {
                                "version_value": "Compatibility Pack Service Pack 3"
                              },
                              {
                                "version_value": "Web Apps 2010 Service Pack 2"
                              },
                              {
                                "version_value": "Web Apps 2013 Service Pack 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft PowerPoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft PowerPoint Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft PowerPoint Viewer"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office Online Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Office Online Server"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1"
                              },
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
                },
                {
                  "name": "106104",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106104"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8628",
        "datePublished": "2018-12-12T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8580 (GCVE-0-2018-8580)

    Vulnerability from nvd – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Affected: Foundation 2010 Service Pack 2
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580"
              },
              {
                "name": "106096",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106096"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Foundation 2010 Service Pack 2"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka \"Microsoft SharePoint Information Disclosure Vulnerability.\" This affects Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580"
            },
            {
              "name": "106096",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106096"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8580",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              },
                              {
                                "version_value": "Foundation 2010 Service Pack 2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka \"Microsoft SharePoint Information Disclosure Vulnerability.\" This affects Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580"
                },
                {
                  "name": "106096",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106096"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8580",
        "datePublished": "2018-12-12T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8578 (GCVE-0-2018-8578)

    Vulnerability from nvd – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105832 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042133 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8578"
              },
              {
                "name": "105832",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105832"
              },
              {
                "name": "1042133",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042133"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \"Microsoft SharePoint Information Disclosure Vulnerability.\" This affects Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8578"
            },
            {
              "name": "105832",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105832"
            },
            {
              "name": "1042133",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042133"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8578",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \"Microsoft SharePoint Information Disclosure Vulnerability.\" This affects Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8578",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8578"
                },
                {
                  "name": "105832",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105832"
                },
                {
                  "name": "1042133",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042133"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8578",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8572 (GCVE-0-2018-8572)

    Vulnerability from nvd – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Server Affected: 2019
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Affected: Foundation 2013 Service Pack 1
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105831",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105831"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Foundation 2013 Service Pack 1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105831",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105831"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8572",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              },
                              {
                                "version_value": "Foundation 2013 Service Pack 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105831",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105831"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8572",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8568 (GCVE-0-2018-8568)

    Vulnerability from nvd – Published: 2018-11-14 01:00 – Updated: 2025-02-28 20:15
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105829 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1042136 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Server Affected: 2019
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105829",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105829"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568"
              },
              {
                "name": "1042136",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042136"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-8568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-22T19:17:40.828863Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:15:07.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-15T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105829",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105829"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568"
            },
            {
              "name": "1042136",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042136"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8568",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105829",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105829"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568"
                },
                {
                  "name": "1042136",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042136"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8568",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:15:07.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8518 (GCVE-0-2018-8518)

    Vulnerability from nvd – Published: 2018-10-10 13:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105496 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041835 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:24.447Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105496",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105496"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8518"
              },
              {
                "name": "1041835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041835"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105496",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105496"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8518"
            },
            {
              "name": "1041835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041835"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8518",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105496",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105496"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8518",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8518"
                },
                {
                  "name": "1041835",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041835"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8518",
        "datePublished": "2018-10-10T13:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:24.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8498 (GCVE-0-2018-8498)

    Vulnerability from nvd – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105495 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041835 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105495",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105495"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498"
              },
              {
                "name": "1041835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041835"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105495",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105495"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498"
            },
            {
              "name": "1041835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041835"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8498",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105495",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105495"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498"
                },
                {
                  "name": "1041835",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041835"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8498",
        "datePublished": "2018-10-10T13:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8488 (GCVE-0-2018-8488)

    Vulnerability from nvd – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105494 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041835 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8488"
              },
              {
                "name": "105494",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105494"
              },
              {
                "name": "1041835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041835"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8488"
            },
            {
              "name": "105494",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105494"
            },
            {
              "name": "1041835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041835"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8488",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8488"
                },
                {
                  "name": "105494",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105494"
                },
                {
                  "name": "1041835",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041835"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8488",
        "datePublished": "2018-10-10T13:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8480 (GCVE-0-2018-8480)

    Vulnerability from nvd – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105493 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041835 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480"
              },
              {
                "name": "105493",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105493"
              },
              {
                "name": "1041835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041835"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480"
            },
            {
              "name": "105493",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105493"
            },
            {
              "name": "1041835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041835"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8480",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480"
                },
                {
                  "name": "105493",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105493"
                },
                {
                  "name": "1041835",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041835"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8480",
        "datePublished": "2018-10-10T13:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0556 (GCVE-0-2019-0556)

    Vulnerability from cvelistv5 – Published: 2019-01-08 21:00 – Updated: 2025-02-28 20:14
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106387"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0556",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-18T17:32:58.604706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:14:35.453Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106387",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106387"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0556",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106387",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106387"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0556"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0556",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:14:35.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0557 (GCVE-0-2019-0557)

    Vulnerability from cvelistv5 – Published: 2019-01-08 21:00 – Updated: 2025-02-28 20:14
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106388",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106388"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0557",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-18T17:32:58.604706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:14:19.617Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106388",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106388"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0557",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106388",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106388"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0557"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0557",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:14:19.617Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0562 (GCVE-0-2019-0562)

    Vulnerability from cvelistv5 – Published: 2019-01-08 21:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Server Affected: 2019
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562"
              },
              {
                "name": "106400",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106400"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562"
            },
            {
              "name": "106400",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106400"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0562",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0562"
                },
                {
                  "name": "106400",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106400"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0562",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0558 (GCVE-0-2019-0558)

    Vulnerability from cvelistv5 – Published: 2019-01-08 21:00 – Updated: 2025-02-28 20:14
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558"
              },
              {
                "name": "106389",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106389"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-0558",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-18T17:32:58.604706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:14:09.112Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            },
            {
              "product": "Microsoft Business Productivity Servers",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558"
            },
            {
              "name": "106389",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106389"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0558",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Business Productivity Servers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0558"
                },
                {
                  "name": "106389",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106389"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0558",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:14:09.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0585 (GCVE-0-2019-0585)

    Vulnerability from cvelistv5 – Published: 2019-01-08 21:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Word Affected: Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2016 for Mac
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Affected: Web Apps Server 2010 Service Pack 2
    Create a notification for this product.
    Microsoft Microsoft Office Word Viewer Affected: Microsoft Office Word Viewer
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Office Online Server Affected: Microsoft Office Online Server
    Create a notification for this product.
    Microsoft Microsoft Word Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Affected: 2019
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.297Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585"
              },
              {
                "name": "106392",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106392"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Word",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                },
                {
                  "status": "affected",
                  "version": "Web Apps Server 2010 Service Pack 2"
                }
              ]
            },
            {
              "product": "Microsoft Office Word Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Office Word Viewer"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft Office Online Server"
                }
              ]
            },
            {
              "product": "Microsoft Word",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585"
            },
            {
              "name": "106392",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106392"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0585",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Word",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              },
                              {
                                "version_value": "Web Apps Server 2010 Service Pack 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office Word Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Office Word Viewer"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office Online Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft Office Online Server"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Word",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \"Microsoft Word Remote Code Execution Vulnerability.\" This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0585"
                },
                {
                  "name": "106392",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106392"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0585",
        "datePublished": "2019-01-08T21:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8650 (GCVE-0-2018-8650)

    Vulnerability from cvelistv5 – Published: 2018-12-12 14:00 – Updated: 2025-02-28 20:14
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-12-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650"
              },
              {
                "name": "106170",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106170"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-8650",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-18T17:32:58.604706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:14:50.820Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-12-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-13T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650"
            },
            {
              "name": "106170",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106170"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8650",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability.\" This affects Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8650"
                },
                {
                  "name": "106170",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106170"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8650",
        "datePublished": "2018-12-12T14:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:14:50.820Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8580 (GCVE-0-2018-8580)

    Vulnerability from cvelistv5 – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Affected: Foundation 2010 Service Pack 2
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580"
              },
              {
                "name": "106096",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106096"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Foundation 2010 Service Pack 2"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka \"Microsoft SharePoint Information Disclosure Vulnerability.\" This affects Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580"
            },
            {
              "name": "106096",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106096"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8580",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              },
                              {
                                "version_value": "Foundation 2010 Service Pack 2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka \"Microsoft SharePoint Information Disclosure Vulnerability.\" This affects Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8580"
                },
                {
                  "name": "106096",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106096"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8580",
        "datePublished": "2018-12-12T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8628 (GCVE-0-2018-8628)

    Vulnerability from cvelistv5 – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Office Affected: 2016 for Mac
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Affected: Compatibility Pack Service Pack 3
    Affected: Web Apps 2010 Service Pack 2
    Affected: Web Apps 2013 Service Pack 1
    Create a notification for this product.
    Microsoft Microsoft PowerPoint Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Create a notification for this product.
    Microsoft Microsoft PowerPoint Viewer Affected: Microsoft PowerPoint Viewer
    Create a notification for this product.
    Microsoft Office Affected: 365 ProPlus for 32-bit Systems
    Affected: 365 ProPlus for 64-bit Systems
    Create a notification for this product.
    Microsoft Office Online Server Affected: Office Online Server
    Create a notification for this product.
    Microsoft Microsoft SharePoint Server Affected: 2013 Service Pack 1
    Affected: 2019
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
              },
              {
                "name": "106104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                },
                {
                  "status": "affected",
                  "version": "Compatibility Pack Service Pack 3"
                },
                {
                  "status": "affected",
                  "version": "Web Apps 2010 Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "Web Apps 2013 Service Pack 1"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint Viewer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Microsoft PowerPoint Viewer"
                }
              ]
            },
            {
              "product": "Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "365 ProPlus for 32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "365 ProPlus for 64-bit Systems"
                }
              ]
            },
            {
              "product": "Office Online Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Office Online Server"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
            },
            {
              "name": "106104",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106104"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8628",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              },
                              {
                                "version_value": "Compatibility Pack Service Pack 3"
                              },
                              {
                                "version_value": "Web Apps 2010 Service Pack 2"
                              },
                              {
                                "version_value": "Web Apps 2013 Service Pack 1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft PowerPoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft PowerPoint Viewer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Microsoft PowerPoint Viewer"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "365 ProPlus for 32-bit Systems"
                              },
                              {
                                "version_value": "365 ProPlus for 64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office Online Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Office Online Server"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1"
                              },
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
                },
                {
                  "name": "106104",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106104"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8628",
        "datePublished": "2018-12-12T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8635 (GCVE-0-2018-8635)

    Vulnerability from cvelistv5 – Published: 2018-12-12 00:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Server Affected: 2010 Service Pack 2
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "106121",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106121"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka \"Microsoft SharePoint Server Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-12T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "106121",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106121"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8635",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka \"Microsoft SharePoint Server Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "106121",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106121"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8635"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8635",
        "datePublished": "2018-12-12T00:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.868Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8572 (GCVE-0-2018-8572)

    Vulnerability from cvelistv5 – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Server Affected: 2019
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Affected: Foundation 2013 Service Pack 1
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105831",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105831"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                },
                {
                  "status": "affected",
                  "version": "Foundation 2013 Service Pack 1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105831",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105831"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8572",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              },
                              {
                                "version_value": "Foundation 2013 Service Pack 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8568."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105831",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105831"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8572"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8572",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8578 (GCVE-0-2018-8578)

    Vulnerability from cvelistv5 – Published: 2018-11-14 01:00 – Updated: 2024-08-05 07:02
    VLAI
    Summary
    An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105832 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1042133 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8578"
              },
              {
                "name": "105832",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105832"
              },
              {
                "name": "1042133",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042133"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \"Microsoft SharePoint Information Disclosure Vulnerability.\" This affects Microsoft SharePoint."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8578"
            },
            {
              "name": "105832",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105832"
            },
            {
              "name": "1042133",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042133"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8578",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \"Microsoft SharePoint Information Disclosure Vulnerability.\" This affects Microsoft SharePoint."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8578",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8578"
                },
                {
                  "name": "105832",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105832"
                },
                {
                  "name": "1042133",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042133"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8578",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:02:25.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8568 (GCVE-0-2018-8568)

    Vulnerability from cvelistv5 – Published: 2018-11-14 01:00 – Updated: 2025-02-28 20:15
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105829 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1042136 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Server Affected: 2019
    Create a notification for this product.
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:02:25.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105829",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105829"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568"
              },
              {
                "name": "1042136",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1042136"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-8568",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-22T19:17:40.828863Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T20:15:07.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-15T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105829",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105829"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568"
            },
            {
              "name": "1042136",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1042136"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8568",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105829",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105829"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568"
                },
                {
                  "name": "1042136",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1042136"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8568",
        "datePublished": "2018-11-14T01:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2025-02-28T20:15:07.487Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8498 (GCVE-0-2018-8498)

    Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105495 vdb-entryx_refsource_BID
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041835 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2013 Service Pack 1
    Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105495",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105495"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498"
              },
              {
                "name": "1041835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041835"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2013 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "105495",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105495"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498"
            },
            {
              "name": "1041835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041835"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8498",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2013 Service Pack 1"
                              },
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105495",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105495"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498"
                },
                {
                  "name": "1041835",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041835"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8498",
        "datePublished": "2018-10-10T13:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8480 (GCVE-0-2018-8480)

    Vulnerability from cvelistv5 – Published: 2018-10-10 13:00 – Updated: 2024-08-05 06:54
    VLAI
    Summary
    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    URL Tags
    https://portal.msrc.microsoft.com/en-US/security-… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/105493 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1041835 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Microsoft Microsoft SharePoint Affected: Enterprise Server 2016
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:54:36.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480"
              },
              {
                "name": "105493",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105493"
              },
              {
                "name": "1041835",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041835"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft SharePoint",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Enterprise Server 2016"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T09:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480"
            },
            {
              "name": "105493",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105493"
            },
            {
              "name": "1041835",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041835"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2018-8480",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft SharePoint",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Enterprise Server 2016"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8488, CVE-2018-8498, CVE-2018-8518."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8480"
                },
                {
                  "name": "105493",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105493"
                },
                {
                  "name": "1041835",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041835"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2018-8480",
        "datePublished": "2018-10-10T13:00:00.000Z",
        "dateReserved": "2018-03-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:54:36.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }