CVE-2020-1024

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to insufficient access control in Microsoft SharePoint packages. It allows a remote attacker to elevate their privileges. A remote code execution vulnerability exists when the software fails to check the source markup of an application package, potentially allowing an attacker to run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Recommendations For Microsoft SharePoint Server, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation, update to a version that includes the fix for this issue. For Microsoft SharePoint Enterprise Server, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the application package installation feature until a patch is available.