CVE-2020-1439

HIGH

PerformancePoint Services - RCE

Title source: llm

Description

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

References (2)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1439

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-20-874/

Scores

CVSS v3 8.8

EPSS 0.3115

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (5)

microsoft/sharepoint_enterprise_server

microsoft/sharepoint_foundation

microsoft/sharepoint_server

Timeline

Published Jul 14, 2020

Tracked Since Feb 18, 2026