Upstream information

CVE-2018-8518 at MITRE

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 3.5
Vector AV:N/AC:M/Au:S/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication Single
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
CVSS v3 Scores
  National Vulnerability Database
Base Score 5.4
Vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality Impact Low
Integrity Impact Low
Availability Impact None
CVSSv3 Version 3
No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
HPE Helion OpenStack 8
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
HPE-Helion-OpenStack-8-2022-142
SUSE CaaS Platform 4.0
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SUSE-CAASP-4.0-2022-183
SUSE Enterprise Storage 6
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-Storage-6-2022-183
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-183
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-183
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SLE-Product-HPC-15-2022-183
SUSE Linux Enterprise Server 12 SP2-BCL
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
  • webkit2gtk3-devel >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SERVER-12-SP2-BCL-2022-142
SUSE Linux Enterprise Server 12 SP3-BCL
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-BCL-2022-142
SUSE Linux Enterprise Server 12 SP3-ESPOS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-ESPOS-2022-142
SUSE Linux Enterprise Server 12 SP3-LTSS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SERVER-12-SP3-2022-142
SUSE Linux Enterprise Server 12 SP4-ESPOS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SERVER-12-SP4-ESPOS-2022-142
SUSE Linux Enterprise Server 12 SP4-LTSS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SERVER-12-SP4-LTSS-2022-142
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
  • webkit2gtk3-devel >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SDK-12-SP5-2022-142
SUSE-SLE-SERVER-12-SP5-2022-142
SUSE Linux Enterprise Server 15 SP1-BCL
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-BCL-2022-183
SUSE Linux Enterprise Server 15 SP1-LTSS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-183
SUSE Linux Enterprise Server 15-LTSS
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SLE-Product-SLES-15-2022-183
SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SAP-12-SP3-2022-142
SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SAP-12-SP4-2022-142
SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-SP1-2022-183
SUSE Linux Enterprise Server for SAP Applications 15
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1
  • libwebkit2gtk3-lang >= 2.34.3-3.92.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1
  • webkit2gtk3-devel >= 2.34.3-3.92.1
Patchnames:
SUSE-SLE-Product-SLES_SAP-15-2022-183
SUSE Linux Enterprise Software Development Kit 12 SP5
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk3-devel >= 2.34.3-2.82.1
Patchnames:
SUSE-SLE-SDK-12-SP5-2022-142
SUSE OpenStack Cloud 8
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-OpenStack-Cloud-8-2022-142
SUSE OpenStack Cloud 9
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-OpenStack-Cloud-9-2022-142
SUSE OpenStack Cloud Crowbar 8
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-OpenStack-Cloud-Crowbar-8-2022-142
SUSE OpenStack Cloud Crowbar 9
  • libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1
  • libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1
  • libwebkit2gtk3-lang >= 2.34.3-2.82.1
  • typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1
  • typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1
  • webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1
Patchnames:
SUSE-OpenStack-Cloud-Crowbar-9-2022-142


SUSE Timeline for this CVE

CVE page created: Thu Oct 11 06:15:14 2018
CVE page last modified: Fri Oct 13 20:03:45 2023