CVE-2020-0974

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to an unrestricted file upload vulnerability, allowing a remote attacker to execute arbitrary code by uploading a specially crafted package. This can be achieved when the software fails to properly check the source markup of an application package. The exploitation requires a user to upload a specially crafted SharePoint application package to an affected version of SharePoint, potentially allowing the attacker to run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Recommendations For Microsoft SharePoint Server, update to a version that includes a fix for this issue. For Microsoft SharePoint Enterprise Server, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting the upload of application packages to trusted sources until a patch is available. Restrict access to the package upload feature to minimize the risk of exploitation.