Input validation error in Microsoft SharePoint Server - CVE-2020-1024

 


Published: May 12, 2020


Vulnerability identifier: #VU27726
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-1024
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Microsoft SharePoint Server
Software vendor: Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. A remote authenticated attacker can upload a specially crafted SharePoint application package and execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.


Remediation

Install updates from the vendor's website.
