CVE-2020-1439

Опубликовано: 14 июл. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-874/
Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-874/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.31155

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-502

Связанные уязвимости

CVE-2020-1439

msrc

больше 5 лет назад

PerformancePoint Services Remote Code Execution Vulnerability

GHSA-7vrg-q6mv-3q9x

github

больше 3 лет назад

BDU:2020-03509

CVSS3: 9.8

fstec