Vulnerability Details : CVE-2020-1044
<p>A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator.</p>
<p>To exploit the vulnerability, an authenticated attacker would need to send a specially crafted request to an affected SSRS server.</p>
<p>The update addresses the vulnerability by modifying how SSRS validates attachment uploads.</p>
Vulnerability category: Input validation
Products affected by CVE-2020-1044
- cpe:2.3:a:microsoft:sql_server_reporting_services:2017:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:sql_server_reporting_services:2019:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-1044
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-1044
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
2.8
|
3.6
|
NIST | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
Microsoft Corporation |
CWE ids for CVE-2020-1044
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-1044
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1044
CVE-2020-1044 | SQL Server Reporting Services Security Feature Bypass VulnerabilityPatch;Vendor Advisory
Jump to