CVE-2020-1295: Microsoft SharePoint Elevation of Privilege Vulnerability

Overview

Severity

N/A

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Jun

Released

2020-06-09

EPSS Score

12.82% (percentile: 94.0%)

Description

An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user. The security update addresses the vulnerability by correcting how Microsoft SharePoint sanitizes user input.

FAQ

Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Affected Products (3)

Microsoft Office

• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Enterprise Server 2013 Service Pack 1
• Microsoft SharePoint Server 2019

Security Updates (3)

• 4484402
• 4484405
• 4484400

Revision History

• 2020-06-09: Information published.