A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
References
Link | Resource |
---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-20-874/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-07-14 16:15
Updated : 2020-07-23 13:15
NVD link : CVE-2020-1439
Mitre link : CVE-2020-1439
JSON object : View
CWE
CWE-502
Deserialization of Untrusted Data
Products Affected
microsoft
- sharepoint_foundation
- sharepoint_server
- sharepoint_enterprise_server