Arbitrary file upload in Microsoft SQL Server Reporting Services (SSRS)

#VU46407 Arbitrary file upload in Microsoft SQL Server Reporting Services (SSRS)

Published: 2020-09-08

Vulnerability identifier: #VU46407

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-1044

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Microsoft SQL Server Reporting Services (SSRS)
Server applications / Other server solutions

Vendor: Microsoft

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of attachments uploaded to reports in SQL Server Reporting Services (SSRS). A remote attacker can upload file types that were disallowed by an administrator.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server Reporting Services (SSRS): 2017 - 2019

External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1044

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Security restrictions bypass in SQL Server Reporting Services (SSRS)