A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka ‘PerformancePoint Services Remote Code Execution Vulnerability’.
[
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
},
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2010 Service Pack 2"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
]