CVE-2020-1025

Published: Jul 14, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Vendor	Product	Versions
Microsoft	Skype for Business Server 2019 CU2	affected `7.0.0 - < publication`
Microsoft	Skype for Business Server 2015 CU 8	affected `2015 CU 8 - < publication`
Microsoft	Microsoft Lync Server 2013	affected `0 - < publication`
Microsoft	Microsoft SharePoint Enterprise Server 2016	affected `16.0.0 - < publication`
Microsoft	Microsoft SharePoint Server 2019	affected `16.0.0 - < publication`
Microsoft	Microsoft SharePoint Foundation 2013 Service Pack 1	affected `15.0.0 - < publication`

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-1025

Description

Affected Products

References