Microsoft · Sql Server Reporting Services · CVE-2020-1044
Name of the Vulnerable Software and Affected Versions:
SQL Server Reporting Services (SSRS) (affected versions not specified)
Description:
A security feature bypass issue exists in SQL Server Reporting Services (SSRS) due to improper validation of attachments uploaded to reports. This could allow an attacker to upload disallowed file types. To exploit this, an authenticated attacker would need to send a specially crafted request to an affected SSRS server. The issue is related to errors in input processing.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.