Remote Code Execution Vulnerability in Microsoft SharePoint Server

  • CERT Admin
  • Fri Jan 15 2021
  • Alerts

Systems Affected 

  ✻  Microsoft SharePoint Foundation 2013 SP1
  ✻  Microsoft SharePoint Foundation 2010 SP2
  ✻  Microsoft SharePoint Server 2019
  ✻  Microsoft SharePoint Enterprise Server 2016  

Threat Level 

High 

Overview 

A vulnerability has been identified in the above Microsoft SharePoint Server versions that could allow an attacker to execute arbitrary code on the targeted system.

Description 

This vulnerability exists in Microsoft SharePoint Server due to improper input validation. A remote attacker with access to the target system could exploit this vulnerability by sending a specially crafted request.

Successful exploitation of this vulnerability could allow an attacker to run arbitrary code on the targeted system.

Impact 

  ✻  Exposing sensitive information to unauthorized parties
  ✻  Unauthorized access to the server
  ✻  Malware infections
  ✻  Unpredictable behavior in the server 

Solution/Workarounds

  ✻  Apply the security patch referenced in the Microsoft security advisory:
   https://msrc.microsoft.com/update-guide/en-us

References 


  ✻  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17118
  ✻  https://exchange.xforce.ibmcloud.com/vulnerabilities/193934
  ✻  https://www.cert-in.org.in  

Disclaimer 

The information provided herein is on an "as is" basis, without warranty of any kind.

Last updated: Fri Jan 15 2021