CVE-2020-1523

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description: The issue is related to insufficient input validation in Microsoft SharePoint products, allowing a remote attacker to modify data. To exploit this, an attacker must be authenticated on the affected SharePoint Server and send a specially modified request to the server, targeting a specific user. This could enable the attacker to modify a targeted user's profile data.

Recommendations: For Microsoft SharePoint Server, consider restricting access to profile data handling until a security update is applied. For Microsoft SharePoint Foundation, apply the security update that modifies how profile data is handled. For Microsoft SharePoint Enterprise Server, update the system to address the vulnerability by properly handling profile data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.