Microsoft SharePoint: CVE-2020-1025: Microsoft Office Elevation of Privilege Vulnerability

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: Jul 14, 2020
Added: May 15, 2023
Modified: Apr 8, 2025

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Solution(s)

microsoft-sharepoint-sharepoint_2016-kb4484436
microsoft-sharepoint-sharepoint_2019-kb4484453