CVE-2020-1440

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description: A tampering issue exists due to Microsoft SharePoint Server's failure to properly handle profile data. This could allow an attacker to modify a targeted user's profile data. To exploit this, an attacker must be authenticated on the affected server and send a specially modified request targeting a specific user.

Recommendations: For Microsoft SharePoint Server, update the software to the latest version that includes the security update, which modifies how profile data is handled. For Microsoft SharePoint Foundation, apply the security update that addresses the vulnerability by improving input validation. For Microsoft SharePoint Enterprise Server, consider restricting access to profile data until a patch is available. As a temporary workaround, consider disabling the modification of profile data on the server until a patch is available.