#VU27736 Input validation error in Microsoft SharePoint Server - CVE-2020-1102

 


Published: May 12, 2020 / Updated: June 3, 2020


Vulnerability identifier: #VU27736
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2020-1102
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: Microsoft SharePoint Server
Software vendor: Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Microsoft SharePoint when handling shared forms. A remote authenticated attacker can invoke a shared form in a way that allows arbitrary controls to be instantiated and execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.


Remediation

Install updates from the vendor's website.

External links