Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Wednesday, 6 May 2020

Microsoft SharePoint - RCE in TypeConverters (CERT-EU Security Advisory 2020-025)

On the 14th of April 2020, Microsoft released several security advisories for vulnerabilities affecting Microsoft SharePoint. On the 29th of April 2020, the Zero Day Initiative released a blog post providing details on one of these vulnerabilities (CVE-2020-0932). This vulnerability allows authenticated users to execute arbitrary code on a SharePoint server in the context of the service account. To successfully exploit the vulnerability, an attacker needs a specific permission (Add or Customize Pages). However, in the default configuration of SharePoint, this permission is given to any user, as any user can create their own SharePoint site.


Author: Cert EU

Categories: CertEU

