8.8
CVE-2020-1439
- EPSS 30.2%
- Veröffentlicht 14.07.2020 23:15:19
- Zuletzt bearbeitet 21.11.2024 05:10:33
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Enterprise Server Version2013 Updatesp1
Microsoft ≫ Sharepoint Enterprise Server Version2016
Microsoft ≫ Sharepoint Foundation Version2013 Updatesp1
Microsoft ≫ Sharepoint Server Version2010 Updatesp2
Microsoft ≫ Sharepoint Server Version2019
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 30.2% | 0.965 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.