漏洞标题
N/A
漏洞描述信息
Microsoft Project Server 和 Microsoft SharePoint Enterprise Server 2016 允许攻击者使用跨站点伪造技术读取他们未经授权阅读的内容,使用受害者的身份在 web 应用程序上代表受害者进行 actions,例如更改权限和删除内容,并将恶意内容注入受害者的浏览器,这被称为 "Microsoft Project Server 提升权限漏洞" 。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Microsoft Project Server和SharePoint Enterprise Server 权限许可和访问控制漏洞
漏洞描述信息
Microsoft Project Server和Microsoft SharePoint Enterprise Server 2016都是美国微软(Microsoft)公司的产品。Microsoft Project Server是一套适用于项目组合管理(PPM)和日常工作的项目管理解决方案。SharePoint Enterprise Server 2016是一套企业业务协作平台。 Microsoft Project Server和SharePoint Enterprise Server 2016中存在提
CVSS信息
N/A
漏洞类别
跨站请求伪造