PT-2020-4081 · Microsoft · Sql Server Reporting Services
Piotr Cielas · Published 2020-09-08 · Updated 2023-12-31 · CVE-2020-1044
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
SQL Server Reporting Services (SSRS) (affected versions not specified)
Description:
A security feature bypass issue exists in SQL Server Reporting Services (SSRS) due to improper validation of attachments uploaded to reports. This could allow an attacker to upload disallowed file types. To exploit this, an authenticated attacker would need to send a specially crafted request to an affected SSRS server. The issue is related to errors in input processing.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Sql Server Reporting Services