CVE-2020-1025
CRITICAL
Microsoft SharePoint Server/Skype for Business Server - Privilege E...
Title source: llm
Description
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025
Scores
CVSS v3
9.8
EPSS
0.0585
EPSS Percentile
92.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (6)
microsoft/lync
2013
microsoft/sharepoint_enterprise_server
2016
microsoft/sharepoint_foundation
2013 sp1
microsoft/sharepoint_server
2019
microsoft/skype_for_business
2015 cumulative_update_8
microsoft/skype_for_business
2019 cumulative_update_2
Published
Jul 14, 2020
Tracked Since
Feb 18, 2026