Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

vendredi 19 juin 2020

Microsoft Sharepoint - RCE in ASP.Net Web Controls (CERT-EU Security Advisory 2020-030)

On the 6th of June 2020, Microsoft released a security advisory for a vulnerability affecting Microsoft Sharepoint identified as CVE-2020-1181. On the 17th of June 2020, Zero Day Initiative released a blog post providing a proof of concept on how to exploit the vulnerability. This vulnerability allows authenticated users to execute arbitrary code on a SharePoint server with privileges of the service account. An attacker may create and call a specific crafted page to successfully exploit the vulnerability. In the default configuration of SharePoint, the necessary permission is given to any user as any user can create its own SharePoint site.

Lien vers l'article source

Auteur: Cert EU

Catégories: CertEUNombre de vues: 223


Événements SSI