This CPE summary could be partial or incomplete.

Summary

Detail
Vendor: Microsoft
Product: Project Server
Version: 2010
Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
First view: 2006-12-18
Last view: 2020-04-15

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:*:* 15
cpe:2.3:a:microsoft:project_server:2010:sp2:*:*:*:*:*:* 8
cpe:2.3:a:microsoft:project_server:2013:sp1:*:*:*:*:x64:* 2
cpe:2.3:a:microsoft:project_server:2003:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:project_server:2007:sp2:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:project_server:2007:sp1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:project_server:2003:sp3:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:project_server:2013:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:project_server:2010:sp1:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
5.4 2020-04-15 CVE-2020-0954

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978.

5.4 2019-06-12 CVE-2019-1036

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.

5.4 2019-06-12 CVE-2019-1033

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.

5.4 2019-06-12 CVE-2019-1031

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1032, CVE-2019-1033, CVE-2019-1036.

5.4 2018-06-14 CVE-2018-8254

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.

5.4 2018-05-09 CVE-2018-8156

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168.

8.8 2018-03-14 CVE-2018-0944

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947.

8.8 2018-03-14 CVE-2018-0916

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

8.8 2018-03-14 CVE-2018-0915

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

8.8 2018-03-14 CVE-2018-0914

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

8.8 2018-03-14 CVE-2018-0913

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

8.8 2018-03-14 CVE-2018-0912

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

8.8 2018-03-14 CVE-2018-0911

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

8.8 2018-03-14 CVE-2018-0910

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

8.8 2018-03-14 CVE-2018-0909

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.

8.8 2017-11-14 CVE-2017-11876

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".

6.1 2017-06-14 CVE-2017-8551

An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted request, aka "Microsoft SharePoint XSS vulnerability".

7.8 2017-05-12 CVE-2017-0281

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2, Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, SharePoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.

9.3 2015-11-11 CVE-2015-2503

Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Microsoft Office Elevation of Privilege Vulnerability."

4.3 2015-04-14 CVE-2015-1640

Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."

9 2014-05-14 CVE-2014-0251

Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerability."

9.3 2009-12-09 CVE-2009-0102

Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, do not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."

6.5 2006-12-18 CVE-2006-6617

projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.

CWE : Common Weakness Enumeration

% id Name
80% (17) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
4% (1) CWE-399 Resource Management Errors
4% (1) CWE-352 Cross-Site Request Forgery (CSRF)
4% (1) CWE-264 Permissions, Privileges, and Access Controls
4% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:6298 Project Memory Validation Vulnerability
oval:org.mitre.oval:def:24567 SharePoint Page Content Vulnerabilities (CVE-2014-0251) - MS14-022
oval:org.mitre.oval:def:28565 Microsoft SharePoint XSS vulnerability – CVE-2015-1640 (MS15-036)

Open Source Vulnerability Database (OSVDB)

id Description
60830 Microsoft Office Project File Handling Memory Validation Arbitrary Code Execu...
31896 Microsoft Project Server pdsrequest.asp GetInitializationData Request SQL Dat...

OpenVAS Exploits

id Description
2009-12-14 Name : Microsoft Office Project Remote Code Execution Vulnerability (967183)
File : nvt/secpod_ms09-074.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0087 Multiple Vulnerabilities in Microsoft Office SharePoint Server (MS15-036)
Severity: Category II - VMSKEY: V0059889
2014-A-0074 Multiple Vulnerabilities in Microsoft Office SharePoint Server
Severity: Category II - VMSKEY: V0050449
2009-A-0129 Microsoft Windows Office Project Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0022099

Snort® IPS/IDS

Date Description
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50823 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50822 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50821 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50820 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50819 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50818 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50817 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50816 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50815 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50814 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50813 - Type : FILE-OFFICE - Revision : 1
2019-08-30 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 50812 - Type : FILE-OFFICE - Revision : 1
2016-03-14 Microsoft Office Word CoCreateInstance elevation of privilege attempt
RuleID : 36721 - Type : FILE-OFFICE - Revision : 3
2016-03-14 Microsoft Office Word CoCreateInstance elevation of privilege attempt
RuleID : 36720 - Type : FILE-OFFICE - Revision : 3
2015-05-14 Microsoft SharePoint projectdetails.aspx ret parameter XSS attempt
RuleID : 34099 - Type : SERVER-OTHER - Revision : 3
2014-01-10 Microsoft Office Project file parsing arbitrary memory access attempt
RuleID : 16328 - Type : FILE-OFFICE - Revision : 13

Nessus® Vulnerability Scanner

id Description
2017-11-15 Name: The Microsoft SharePoint Server or Microsoft Project Server installation on t...
File: smb_nt_ms17_nov_office_sharepoint.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: An application installed on the remote Windows host is affected by multiple v...
File: smb_nt_ms17_may_office.nasl - Type: ACT_GATHER_INFO
2015-11-10 Name: The remote Windows host is affected by multiple vulnerabilities.
File: smb_nt_ms15-116.nasl - Type: ACT_GATHER_INFO
2015-04-14 Name: The remote Windows host is affected by multiple cross-site scripting vulnerab...
File: smb_nt_ms15-036.nasl - Type: ACT_GATHER_INFO
2014-05-14 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms14-022.nasl - Type: ACT_GATHER_INFO
2009-12-08 Name: Arbitrary code can be executed on the remote host through Microsoft Project.
File: smb_nt_ms09-074.nasl - Type: ACT_GATHER_INFO