CVE-2020-1440

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data. To exploit the vulnerability, an attacker would need to be authenticated on an affected SharePoint Server. The attacker would then need to send a specially modified request to the server, targeting a specific user. The security update addresses the vulnerability by modifying how Microsoft SharePoint Server handles profile data.

Published: Sep 11, 2020
Updated: May 4, 2025
CVE: CVE-2020-1440
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / sharepoint_server	2010-sp2	2010-sp2.x
microsoft / sharepoint_enterprise_server	2016	2016.x
microsoft / sharepoint_enterprise_server	2013-sp1	2013-sp1.x
microsoft / sharepoint_server	2019	2019.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1440

Vulnerability Database

289,697

CVE-2020-1440