CVE-2020-1439

high

Description

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439

https://www.zerodayinitiative.com/advisories/ZDI-20-874/

Details

Source: MITRE

Published: 2020-07-14

Updated: 2020-07-23

Type: CWE-502

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH