PT-2017-12280 · Microsoft · Project Server+2

Published: 2017-11-14 · Updated: 2017-11-30 · CVE-2017-11876

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016

Description

The issue is a Cross-Site Request Forgery (CSRF/XSRF) vulnerability caused by improper management of user sessions by Microsoft Project Server. It allows an attacker to read unauthorized content, use the victim's identity to take actions on the web application, such as changing permissions and deleting content, and inject malicious content in the victim's browser. It can be exploited when the victim is authenticated to the target site.

Recommendations

For Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016, there is currently no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2017-11876

Affected Products

Project Server
SharePoint Enterprise Server 2016
SharePoint Server