CVE-2020-0795 : What You Need to Know

Discover the impact and mitigation strategies for CVE-2020-0795, a Microsoft SharePoint Reflective XSS Vulnerability affecting SharePoint Enterprise Server 2016, Business Productivity Servers 2010 SP2, and SharePoint Foundation 2013 SP1.

SharePoint Server vulnerability allowing for reflective XSS attack.

Understanding CVE-2020-0795

This CVE pertains to a vulnerability in Microsoft SharePoint servers that could lead to a spoofing attack.

What is CVE-2020-0795?

        A flaw in which SharePoint Server fails to sanitize specific requests, opening the door to attacks
        Identified as 'Microsoft SharePoint Reflective XSS Vulnerability'

The Impact of CVE-2020-0795

        Attackers can exploit this by sending crafted requests to affected servers
        Affects Microsoft SharePoint Enterprise Server 2016, Business Productivity Servers 2010 SP2, and SharePoint Foundation 2013 SP1

Technical Details of CVE-2020-0795

A SharePoint Server vulnerability causing reflective XSS.

Vulnerability Description

        SharePoint Server does not properly sanitize crafted requests
        Attackers could use this to perform a spoofing attack

Affected Systems and Versions

        Microsoft SharePoint Enterprise Server 2016
        Microsoft Business Productivity Servers 2010 Service Pack 2
        Microsoft SharePoint Foundation 2013 Service Pack 1

Exploitation Mechanism

        Authenticated attackers send specially crafted requests to exploit the vulnerability

Mitigation and Prevention

Steps to secure systems from CVE-2020-0795.

Immediate Steps to Take

        Apply security patches from Microsoft
        Consider network segmentation to limit attack surface

Long-Term Security Practices

        Regularly update and patch SharePoint servers
        Conduct security training so staff can identify suspicious activity

Patching and Updates

        Regularly check Microsoft security updates for relevant patches
