CVE-2018-0864

Name of the Vulnerable Software and Affected Versions: SharePoint Project Server 2013 SharePoint Enterprise Server 2016

Description: The issue is related to how web requests are handled, allowing an information disclosure. An elevation of privilege vulnerability exists due to improper sanitization of specially crafted web requests to affected SharePoint servers. An authenticated attacker could exploit this by sending a specially crafted request, potentially leading to cross-site scripting attacks. This could allow the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, and inject malicious content into the user's browser.

Recommendations: For SharePoint Project Server 2013, update to a version that properly sanitizes web requests to prevent elevation of privilege. For SharePoint Enterprise Server 2016, ensure that all web requests are properly sanitized to prevent cross-site scripting attacks and elevation of privilege. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation.