CVE-2020-0977

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to insufficient input validation in Microsoft SharePoint Server and SharePoint Enterprise Server. This can be exploited by a remote attacker using a specially crafted request to the vulnerable SharePoint server, potentially allowing spoofing attacks. An authenticated attacker could send a specially crafted request to an affected server, enabling cross-site scripting attacks on affected systems. This could allow the attacker to read unauthorized content, use the victim's identity to take actions on the SharePoint site, such as changing permissions and deleting content, and inject malicious content into the user's browser.

Recommendations For Microsoft SharePoint Server, update to a version that properly sanitizes web requests to prevent spoofing attacks. For Microsoft SharePoint Enterprise Server, apply security patches or configuration changes that address the insufficient input validation issue. As a temporary workaround, consider restricting access to sensitive areas of the SharePoint site to minimize the risk of exploitation.