Lucene search
AnonymousZDI-20-874HistoryJul 16, 2020 - 12:00 a.m.
Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability
2020-07-1600:00:00
Anonymous
www.zerodayinitiative.com
22
0.013 Low
EPSS
Percentile
85.9%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of controls in the Microsoft.PerformancePoint.Scorecards.Client module. Instantiating the ExcelDataSet control can trigger the deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the SharePoint web server process.
Related
mskb
mskb
Description of the security update for SharePoint Server 2010: July 14, 2020
2020-07-14 07:00:00
mscve
mscve
PerformancePoint Services Remote Code Execution Vulnerability
2020-07-14 07:00:00
cve
cve
CVE-2020-1439
2020-07-14 23:15:19
cvelist
cvelist
CVE-2020-1439
2020-07-14 22:54:44
prion
prion
Remote code execution
2020-07-14 23:15:00
nvd
nvd
CVE-2020-1439
2020-07-14 23:15:19
qualysblog
qualysblog
nessus
nessus
Security Updates for Microsoft SharePoint Server (July 2020)
2020-07-15 00:00:00
kaspersky
kaspersky
KLA11864 Multiple vulnerabilities in Microsoft Office
2020-07-14 00:00:00
avleonov
avleonov