CVE-2018-0799

6.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Access
Vendor: CVE Published:; 10 January 2018

Summary

Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".

Affected Version(s)

Microsoft Access Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/102411

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1040157

vdb-entryx_refsource_SECTRACK

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 10, 2018
Vulnerability Reserved
Dec 1, 2017

Collectors

NVD DatabaseMitre Database

.