CVE-2020-1025

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Published: Jul 15, 2020
Updated: May 29, 2024
CVE: CVE-2020-1025
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / sharepoint_foundation	2013-sp1	2013-sp1.x
microsoft / sharepoint_enterprise_server	2016	2016.x
microsoft / sharepoint_server	2019	2019.x
microsoft / lync	2013	2013.x
microsoft / skype_for_business	2019-cumulative_update_2	2019-cumulative_update_2.x
microsoft / skype_for_business	2015-cumulative_update_8	2015-cumulative_update_8.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025

Vulnerability Database

289,599

CVE-2020-1025