Published: 11/07/2018 Updated: 23/05/2022

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft .net_framework 2.0
microsoft .net_framework 3.0
microsoft .net_framework 3.5
microsoft .net_framework 3.5.1
microsoft .net_framework 4.5.2
microsoft .net_framework 4.6
microsoft .net_framework 4.6.2
microsoft .net_framework 4.7
microsoft .net_framework 4.7.1
microsoft .net_framework 4.7.2
microsoft .net_framework 4.6.1
microsoft project server 2013
microsoft project server 2010
microsoft sharepoint enterprise server 2016
microsoft sharepoint enterprise server 2013
microsoft sharepoint foundation 2010
microsoft sharepoint foundation 2013
microsoft sharepoint server 2010
microsoft sharepoint server 2013

CVE-2018-8284-Sharepoint-RCE

CWE-94 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284 http://www.securitytracker.com/id/1041257 http://www.securityfocus.com/bid/104667 https://nvd.nist.gov https://github.com/quantiti/CVE-2018-8284-Sharepoint-RCE

CVE-2018-8284

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect