CyberSec.Space Logo
Back to CVE Browser

CVE-2020-1025

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile18.82th
PublishedJul 14, 2020
Last ModifiedFeb 23, 2026

Vulnerability Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Lync

= 2013
πŸ“¦
Microsoft

Sharepoint Enterprise Server

= 2016
πŸ“¦
Microsoft

Sharepoint Foundation

= 2013
πŸ“¦
Microsoft

Sharepoint Server

= 2019
πŸ“¦
Microsoft

Skype For Business

= 2015
πŸ“¦
Microsoft

Skype For Business

= 2019

References & Advisories

πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

Related Vulnerabilities

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2013-13029.3

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, whic...

CVE-2012-18499.3

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privilege...

CVE-2014-18179.3

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...