SB2020041410 - Multiple vulnerabilities in Microsoft SharePoint
Published: April 14, 2020
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Spoofing attack (CVE-ID: CVE-2020-0977)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists because Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. A remote authenticated attacker can send a specially crafted request and spoof page content.
2) Spoofing attack (CVE-ID: CVE-2020-0976)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists because Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. A remote authenticated attacker can send a specially crafted request and spoof page content.
3) Spoofing attack (CVE-ID: CVE-2020-0975)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists because Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. A remote authenticated attacker can send a specially crafted request and spoof page content.
4) Input validation error (CVE-ID: CVE-2020-0974)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. A remote authenticated attacker can use a specially crafted SharePoint application package and execute arbitrary code on the target system.
5) Spoofing attack (CVE-ID: CVE-2020-0972)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists because Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. A remote authenticated attacker can send a specially crafted request and spoof page content.
6) Input validation error (CVE-ID: CVE-2020-0971)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. A remote authenticated attacker can use a specially crafted SharePoint application package and execute arbitrary code on the target system.
7) Input validation error (CVE-ID: CVE-2020-0932)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. A remote authenticated attacker can use a specially crafted SharePoint application package and execute arbitrary code on the target system.
8) Input validation error (CVE-ID: CVE-2020-0931)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. A remote authenticated attacker can use a specially crafted SharePoint application package and execute arbitrary code on the target system.
9) Input validation error (CVE-ID: CVE-2020-0929)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. A remote authenticated attacker can use a specially crafted SharePoint application package and execute arbitrary code on the target system.
10) Input validation error (CVE-ID: CVE-2020-0920)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. A remote authenticated attacker can use a specially crafted SharePoint application package and execute arbitrary code on the target system.
Remediation
Install the update from the vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0977
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0974
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920