vulnerability
Microsoft SharePoint: CVE-2020-1025: Microsoft Office Elevation of Privilege Vulnerability
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jul 14, 2020 | May 15, 2023 | Apr 8, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 14, 2020
Added
May 15, 2023
Modified
Apr 8, 2025
Description
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
Solution(s)
microsoft-sharepoint-sharepoint_2016-kb4484436microsoft-sharepoint-sharepoint_2019-kb4484453

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.