Main Vulnerability Database Vulnerabilities #VU27725

Input validation error in Microsoft SharePoint Server - CVE-2020-1023

Published: May 12, 2020

Vulnerability identifier: #VU27725

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-1023

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft SharePoint Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. A remote authenticated attacker can upload a specially crafted SharePoint application package and execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023

Input validation error in Microsoft SharePoint Server - CVE-2020-1023

Description

Remediation

External links

Please verify you're human