Vulnerabilities > CVE-2020-1439 - Deserialization of Untrusted Data vulnerability in Microsoft products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
CWE-502
NVD
Published: 2020-07-14
Updated: 2020-07-23

Summary

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

Vulnerable Configurations

Part Description Count
Application
Microsoft
5

Common Weakness Enumeration (CWE)

References