CVE-2017-11876

high

Microsoft

CVSS v3 Base Score

8.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

1.0%

Exploitation probability in 30 days

Top 23% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: November 15, 2017 (3103 days ago)

Last Modified: May 13, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".

CWE

CWE-352

Affected Products

microsoft project servermicrosoft sharepoint enterprise server

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 portal.msrc.microsoft.com 🔗 www.securityfocus.com

CVE-2017-11876

Vulnerability Report

Description

CWE

Affected Products

References