According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities :
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input.
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server.
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server.
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory.
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation.
A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages.
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory.
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | sharepoint_server | * | cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:* |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1147
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1446
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1447
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1450
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1456
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1342
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1443
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1445
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1446
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1447
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1448
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1450
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1451
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1454
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1456