An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account.
To exploit this vulnerability, an authenticated attacker would need to create a page specifically designed to cause a server-side request. The attacker would then send a specially crafted message to perform a server-side request forgery attack.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server manages server authentication.