← back
CVE-2018-0908

CVE-2018-0908

EPSS 2.6%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 2.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Feb 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."
Affected products
Microsoft Corporation · Microsoft Identity Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0908http://www.securityfocus.com/bid/103112