CVE-2020-1025 Microsoft Office Elevation of Privilege Vulnerability

🗓️ 14 Jul 2020 22:53:56Reported by microsoftType

Microsoft Office Privilege Vulnerabilit

Reporter	Title	Published	Views	Family All 23
Information Security Automation	Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint	2 Aug 202004:05	–	avleonov
BDU FSTEC	The vulnerability of the Microsoft SharePoint Server software, the Microsoft Lync Server and Skype for Business Server messaging applications is related to errors in token verification by Oauth. This vulnerability allows attackers to escalate their privileges.	17 Jul 202000:00	–	bdu_fstec
CVE	CVE-2020-1025	14 Jul 202022:53	–	cve
Microsoft KB	Description of the security update for SharePoint Enterprise Server 2016: July 14, 2020	14 Jul 202007:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Foundation 2013: July 14, 2020	14 Jul 202007:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Server 2019: July 14, 2020	14 Jul 202007:00	–	mskb
Microsoft KB	Description of the security update for Skype for Business Server 2019 CU 2: July 14, 2020	14 Jul 202007:00	–	mskb
Microsoft KB	Description of the security update for Skype for Business Server 2015 CU 8: July 14, 2020	14 Jul 202007:00	–	mskb
Microsoft KB	Microsoft Teams help & learning	14 Jul 202007:00	–	mskb
Kaspersky	KLA11864 Multiple vulnerabilities in Microsoft Office	14 Jul 202000:00	–	kaspersky

[
  {
    "vendor": "Microsoft",
    "product": "Skype for Business Server 2019  CU2",
    "cpes": [
      "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "7.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Skype for Business Server 2015 CU 8",
    "cpes": [
      "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "2015 CU 8",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Lync Server 2013",
    "cpes": [
      "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Enterprise Server 2016",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Server 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

28 May 2024 20:54Current

9.5High risk

Vulners AI Score9.5

EPSS0.05853