CVE-2020-1044

Опубликовано: 11 сент. 2020

Источник: nvd

CVSS3: 4.3

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator.

To exploit the vulnerability, an authenticated attacker would need to send a specially crafted request to an affected SSRS server.

The update addresses the vulnerability by modifying how SSRS validates attachment uploads.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1044
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1044
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:sql_server_reporting_services:2017:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sql_server_reporting_services:2019:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04445

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-1044

CVSS3: 4.3

msrc

больше 5 лет назад

SQL Server Reporting Services Security Feature Bypass Vulnerability

GHSA-j5c4-63f4-32wp

CVSS3: 4.3

github

больше 3 лет назад

A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka 'SQL Server Reporting Services Security Feature Bypass Vulnerability'.

BDU:2020-04481

CVSS3: 4.3

fstec

больше 5 лет назад

Уязвимость серверной системы создания отчётов SQL Server Reporting Services, связанная с ошибками при обработке входных данных, позволяющая нарушителю загружать файлы с недопустимыми типами

EPSS

Процентиль: 89%

0.04445

Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20