Description

<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.</p> <p>To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.</p> <p>The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.</p>

Remediation

References

CVE-2020-1440

Related Vulnerabilities

SharePoint CVE-2020-17118 Vulnerability (CVE-2020-17118)

Plupload Cross-site Scripting (XSS) Vulnerability (CVE-2016-4566)

IBM WebSEAL Improper Certificate Validation Vulnerability (CVE-2019-4150)

MySQL CVE-2019-2780 Vulnerability (CVE-2019-2780)

Oracle JRE CVE-2018-2581 Vulnerability (CVE-2018-2581)

Severity

Medium

Classification

CVE-2020-1440 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities