CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-1025

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile18.82th
Published2020年7月14日
Last Modified2026年2月23日

Vulnerability Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Affected Platforms (CPE)

📦
Microsoft

Lync

= 2013
📦
Microsoft

Sharepoint Enterprise Server

= 2016
📦
Microsoft

Sharepoint Foundation

= 2013
📦
Microsoft

Sharepoint Server

= 2019
📦
Microsoft

Skype For Business

= 2015
📦
Microsoft

Skype For Business

= 2019

References & Advisories

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

関連する脆弱性情報

CVE-2016-71829.8

The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Ser...

CVE-2013-13029.3

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, whic...

CVE-2012-18499.3

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privilege...

CVE-2014-18179.3

usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...