High severity8.8NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026

CVE-2017-11876

Description

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".

Affected products

Microsoft/Project Server
cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:*
Microsoft/Sharepoint Enterprise Server
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
Microsoft Corporation/Microsoft Serverv5
Range: Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876nvdIssue TrackingPatchVendor Advisory
www.securityfocus.com/bid/101754nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039788nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039789nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000