← Back

CVE-2020-1439

nvd nist
Published: Jul 14, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

Affected (5)

Microsoft
3 products
Sharepoint Enterprise Server
Sharepoint Foundation
Sharepoint Server
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Sharepoint Enterprise Server
Version 2013 sp1
Sharepoint Enterprise Server
Version 2016
Sharepoint Foundation
Version 2013 sp1
Microsoft
Sharepoint Server
Version 2010 sp2
Sharepoint Server
Version 2019

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (4)

Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.