CVE-2020-1440
published 2020-09-11CVE-2020-1440: A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.
To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.
The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sharepoint_enterprise_server_2013_service_pack_1 | >= 15.0.0 < publication | publication |
| microsoft | microsoft_sharepoint_enterprise_server_2016 | >= 16.0.0 < publication | publication |
| microsoft | microsoft_sharepoint_server_2010_service_pack_2 | >= 13.0.0.0 < publication | publication |
| microsoft | microsoft_sharepoint_server_2019 | >= 16.0.0 < publication | publication |
| microsoft | sharepoint_enterprise_server | — | — |
| microsoft | sharepoint_enterprise_server | — | — |
| microsoft | sharepoint_server | — | — |
| microsoft | sharepoint_server | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2013_service_pack_1 | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2016 | — | — |
| msrc | microsoft_sharepoint_server_2010_service_pack_2 | — | — |
| msrc | microsoft_sharepoint_server_2019 | — | — |