CVE-2020-1181

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to insufficient input validation in Microsoft SharePoint Server, allowing a remote attacker to execute arbitrary code using a specially crafted page. An authenticated attacker could exploit this to perform actions in the security context of the SharePoint application pool process. The vulnerability is associated with the failure to properly identify and filter unsafe ASP.Net web controls.

Recommendations For Microsoft SharePoint Server, consider restricting access to unsafe ASP.Net web controls until a patch is available. For Microsoft SharePoint Foundation, restrict the use of specially crafted pages to minimize the risk of exploitation. For Microsoft SharePoint Enterprise Server, as a temporary workaround, consider disabling the execution of arbitrary code in the security context of the SharePoint application pool process until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.