Vulnerability Details CVE-2020-1440
<p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.</p>
<p>To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user.</p>
<p>The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.</p>
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 4.0
References
Products affected by CVE-2020-1440
-
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013
-
cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016
-
cpe:2.3:a:microsoft:sharepoint_server:2010
-
cpe:2.3:a:microsoft:sharepoint_server:2019