Security Vulnerabilities - CVEs Published In June 2020
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-06-09
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-06-09
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.
CVSS Score
5.4
EPSS Score
0.01
Published
2020-06-09
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'.
CVSS Score
8.8
EPSS Score
0.121
Published
2020-06-09
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2020-06-09
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
CVSS Score
6.7
EPSS Score
0.0
Published
2020-06-09
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-09
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-06-09
Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-06-09
SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-06-09