Description

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

Remediation

References

CVE-2020-1439

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Gift Cards Premium Unspecified Vulnerability (3.20.0)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20507)

TYPO3 Other Vulnerability (CVE-2007-1081)

WordPress Plugin Spiffy Calendar Security Bypass (4.9.10)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17292)

Severity

High

Classification

CVE-2020-1439 CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities