PT-2020-2209 · Microsoft · Sharepoint Server+1

Published

2020-04-14

Updated

2020-04-17

CVE-2020-0931

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint (affected versions not specified)

Description The issue is related to a remote code execution vulnerability in Microsoft SharePoint. This vulnerability can be exploited when the software fails to check the source markup of an application package, allowing an attacker to run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. The vulnerability is also associated with the unlimited upload of dangerous file types, which can be exploited by a remote attacker to execute arbitrary code by uploading a specially crafted package.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

BDU:2020-02124

CVE-2020-0931

ZDI-20-465

Affected Products

Sharepoint Server

Sharepoint Foundation

PT-2020-2209 · Microsoft · Sharepoint Server+1

CVE-2020-0931

Weakness Enumeration

Related Identifiers

Affected Products

References · 6