vulnerability

Microsoft SharePoint: CVE-2017-11876: Microsoft Project Server Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Nov 15, 2017	May 15, 2023	Sep 9, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Nov 15, 2017

Added

May 15, 2023

Modified

Sep 9, 2025

Description

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".

Solution

microsoft-sharepoint-sharepoint_2016-kb4011244

References

BID-101754
CVE-2017-11876
https://attackerkb.com/topics/CVE-2017-11876
CWE-352
URL-https://support.microsoft.com/help/4011244

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today