A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439
Source: MITRE
Published: 2020-07-14
Updated: 2020-07-23
Type: CWE-502
Base Score: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8
Severity: MEDIUM
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH