CVE-2018-8635

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint (affected versions not specified)

Description The issue is related to an elevation of privilege vulnerability. It occurs when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. This could allow a remote attacker to execute malicious code on a vulnerable server in the context of the SharePoint application pool account. The vulnerability is associated with insecure privilege management.

Recommendations For Microsoft SharePoint Server, update to a version that properly sanitizes authentication requests to prevent exploitation. For Microsoft SharePoint, apply configuration changes to restrict access to sensitive areas of the server until a proper fix is available. As a temporary workaround, consider restricting access to the SharePoint application pool account to minimize the risk of exploitation.