Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Remote Code Execution Vulnerability in Microsoft SharePoint Server

 

Systems Affected


  ✻  Microsoft SharePoint Foundation 2013 SP1
  ✻  Microsoft SharePoint Foundation 2010 SP2
  ✻  Microsoft SharePoint Server 2019
  ✻  Microsoft SharePoint Enterprise Server 2016

Threat Level


High


Overview


A vulnerability has been identified in the above Microsoft SharePoint Server versions in which an attacker could execute arbitrary codes on the targeted system.


Description


This vulnerability exists in the Microsoft SharePoint Servers due to improper input validations. A remote attacker having access to the target system could exploit this vulnerability by executing a specially crafted request.

A successful exploit of this vulnerability could allow an attacker to run arbitrary codes on the targeted system.


Impact


  ✻  Exposing sensitive information to unauthorized parties
  ✻  Unauthorized access to the server
  ✻  Malware Infections
  ✻  Unpredictable behavior in the server


Solution/ Workarounds


  ✻  Apply the security patch mentioned by the Microsoft security advisory
   https://msrc.microsoft.com/update-guide/en-us


References


  ✻  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17118
  ✻  https://exchange.xforce.ibmcloud.com/vulnerabilities/193934
  ✻  https://www.cert-in.org.in


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.