Vulnerability in Microsoft Sharepoint Enterprise Server
CVE-2020-1439
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
EPSS: 0.312 (96.9th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Sharepoint Enterprise Server — versions 2013 Service Pack 1, 2016
- Microsoft Sharepoint Foundation — versions 2013 Service Pack 1
- Microsoft Sharepoint Server — versions 2019, 2010 Service Pack 2
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439 (x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-20-874/ (x_refsource_MISC)