CVE-2020-1440: Microsoft SharePoint Server Tampering Vulnerability

Overview

Severity

Medium (CVSS 6.3)

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Category

Tampering

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Sep

Released

2020-09-08

EPSS Score

1.77% (percentile: 82.7%)

Description

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user. The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.

Affected Products (4)

Other

• 10950
• 11099
• 11585
• 10495

Security Updates (4)

• 4484506
• 4484515
• 4484505
• 4486664

Acknowledgments

Steven Seeley (mr_me) of <a href="https://srcincite.io/">Source Incite</a>

Revision History

• 2020-09-08: Information published.