Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1025

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Published

2020-07-14T23:15:11.447

Last Modified

2024-11-21T05:09:35.097

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	lync	2013	Yes
Application	microsoft	sharepoint_enterprise_server	2016	Yes
Application	microsoft	sharepoint_foundation	2013	Yes
Application	microsoft	sharepoint_server	2019	Yes
Application	microsoft	skype_for_business	2015	Yes
Application	microsoft	skype_for_business	2019	Yes

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025 Patch, Vendor Advisory ([email protected])
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)