CVE-2020-1439
N/A
N/A
Summary
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server | 2013 Service Pack 1 | affected |
| Microsoft | Microsoft SharePoint Enterprise Server | 2016 | affected |
| Microsoft | Microsoft SharePoint Server | 2019 | affected |
| Microsoft | Microsoft SharePoint Server | 2010 Service Pack 2 | affected |
| Microsoft | Microsoft SharePoint Foundation | 2013 Service Pack 1 | affected |
Weaknesses
- Remote Code Execution
ADP Enrichment
CVE Program Container
Additional References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439
- https://www.zerodayinitiative.com/advisories/ZDI-20-874/
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439
- https://www.zerodayinitiative.com/advisories/ZDI-20-874/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.