microsoft-sharepoint-server
Fixed version
publication
CVE-2020-1523 describes a profile data tampering vulnerability in Microsoft SharePoint Server. Successful exploitation allows an authenticated attacker to modify a targeted user's profile data, potentially leading to identity theft or unauthorized access. This vulnerability affects SharePoint Server versions 16.0.0 and later. A security update is available to address this issue.
An attacker exploiting CVE-2020-1523 can directly modify a user's profile within SharePoint Server. This could involve altering contact information, job titles, or other profile attributes. The impact extends beyond simple data modification; attackers could potentially leverage altered profile data to gain unauthorized access to resources or impersonate the affected user. While the vulnerability requires authentication, the ability to target specific users makes it a significant risk, especially in environments with shared accounts or weak password policies. The ability to manipulate user profiles could also be used to escalate privileges within the SharePoint environment, granting attackers broader control.
CVE-2020-1523 was published on September 11, 2020. There is no indication of this vulnerability being actively exploited in the wild. No public proof-of-concept exploits are currently available. The vulnerability's requirement for authentication limits its immediate exploitability, but the potential for targeted attacks remains a concern.
Exploitation status
EPSS
1.39% (80th percentile)
CVSS vector
The primary mitigation for CVE-2020-1523 is to apply the security update released by Microsoft. Since a specific fixed version is not provided, ensure you are running the latest available SharePoint Server updates. As a temporary workaround, restrict access to profile modification features to authorized personnel only. Implement robust authentication and authorization controls to limit the potential impact of a successful attack. Regularly audit user profiles for any unauthorized changes. After applying the update, confirm the vulnerability is resolved by attempting to modify a test user's profile and verifying that the changes are rejected.
Apply the security update provided by Microsoft to correct how SharePoint Server handles profile data. This will prevent unauthorized manipulation of user data.
CVE-2020-1523 is a HIGH severity vulnerability affecting Microsoft SharePoint Server versions 16.0.0 and later, allowing an authenticated attacker to modify user profile data.
If you are running Microsoft SharePoint Server version 16.0.0 or later and have not applied the latest security updates, you are potentially affected by this vulnerability.
Apply the latest security updates released by Microsoft for SharePoint Server. Regularly check for and install updates to ensure your system is protected.
There is currently no evidence of CVE-2020-1523 being actively exploited in the wild, but the potential for targeted attacks remains.
Refer to the Microsoft Security Update Guide for CVE-2020-1523: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1523