CVE-2018-8518 Common Vulnerabilities and Exposures

Upstream information

CVE-2018-8518 at MITRE

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8498.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	3.5
Vector	AV:N/AC:M/Au:S/C:N/I:P/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	Single
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	None

CVSS v3 Scores
	National Vulnerability Database
Base Score	5.4
Vector	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	Required
Scope	Changed
Confidentiality Impact	Low
Integrity Impact	Low
Availability Impact	None
CVSSv3 Version	3

No SUSE Bugzilla entries cross referenced.

SUSE Security Advisories:

SUSE-SU-2022:0142-1, published Thu Jan 20 17:30:05 UTC 2022
SUSE-SU-2022:0183-1, published Tue Jan 25 20:26:14 UTC 2022

List of released packages

Product(s)	Fixed package version(s)	References
HPE Helion OpenStack 8	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: HPE-Helion-OpenStack-8-2022-142
SUSE CaaS Platform 4.0	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SUSE-CAASP-4.0-2022-183
SUSE Enterprise Storage 6	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-Storage-6-2022-183
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-183
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-183
SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SLE-Product-HPC-15-2022-183
SUSE Linux Enterprise Server 12 SP2-BCL	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1` `webkit2gtk3-devel >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SERVER-12-SP2-BCL-2022-142
SUSE Linux Enterprise Server 12 SP3-BCL	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SERVER-12-SP3-BCL-2022-142
SUSE Linux Enterprise Server 12 SP3-ESPOS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SERVER-12-SP3-ESPOS-2022-142
SUSE Linux Enterprise Server 12 SP3-LTSS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SERVER-12-SP3-2022-142
SUSE Linux Enterprise Server 12 SP4-ESPOS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SERVER-12-SP4-ESPOS-2022-142
SUSE Linux Enterprise Server 12 SP4-LTSS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SERVER-12-SP4-LTSS-2022-142
SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1` `webkit2gtk3-devel >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SDK-12-SP5-2022-142 SUSE-SLE-SERVER-12-SP5-2022-142
SUSE Linux Enterprise Server 15 SP1-BCL	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SLE-Product-SLES-15-SP1-BCL-2022-183
SUSE Linux Enterprise Server 15 SP1-LTSS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-183
SUSE Linux Enterprise Server 15-LTSS	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SLE-Product-SLES-15-2022-183
SUSE Linux Enterprise Server for SAP Applications 12 SP3	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SAP-12-SP3-2022-142
SUSE Linux Enterprise Server for SAP Applications 12 SP4	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SAP-12-SP4-2022-142
SUSE Linux Enterprise Server for SAP Applications 15 SP1	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SLE-Product-SLES_SAP-15-SP1-2022-183
SUSE Linux Enterprise Server for SAP Applications 15	`libjavascriptcoregtk-4_0-18 >= 2.34.3-3.92.1` `libwebkit2gtk-4_0-37 >= 2.34.3-3.92.1` `libwebkit2gtk3-lang >= 2.34.3-3.92.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-3.92.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-3.92.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-3.92.1` `webkit2gtk3-devel >= 2.34.3-3.92.1`	Patchnames: SUSE-SLE-Product-SLES_SAP-15-2022-183
SUSE Linux Enterprise Software Development Kit 12 SP5	`typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk3-devel >= 2.34.3-2.82.1`	Patchnames: SUSE-SLE-SDK-12-SP5-2022-142
SUSE OpenStack Cloud 8	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-OpenStack-Cloud-8-2022-142
SUSE OpenStack Cloud 9	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-OpenStack-Cloud-9-2022-142
SUSE OpenStack Cloud Crowbar 8	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-OpenStack-Cloud-Crowbar-8-2022-142
SUSE OpenStack Cloud Crowbar 9	`libjavascriptcoregtk-4_0-18 >= 2.34.3-2.82.1` `libwebkit2gtk-4_0-37 >= 2.34.3-2.82.1` `libwebkit2gtk3-lang >= 2.34.3-2.82.1` `typelib-1_0-JavaScriptCore-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2-4_0 >= 2.34.3-2.82.1` `typelib-1_0-WebKit2WebExtension-4_0 >= 2.34.3-2.82.1` `webkit2gtk-4_0-injected-bundles >= 2.34.3-2.82.1`	Patchnames: SUSE-OpenStack-Cloud-Crowbar-9-2022-142

SUSE Timeline for this CVE

CVE page created: Thu Oct 11 06:15:14 2018
CVE page last modified: Fri Oct 13 20:03:45 2023