PerformancePoint 服务远程执行代码漏洞
CVE编号
CVE-2020-1439利用情况
暂无补丁情况
N/A披露时间
2020-07-14漏洞描述
如果PerformancePoint Services for SharePoint Server无法检查XML文件输入的源标记,即“PerformancePoint Services远程代码执行漏洞”,则该软件中存在远程代码执行漏洞。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2020-1439受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | microsoft | sharepoint_enterprise_server | 2013 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | microsoft | sharepoint_enterprise_server | 2016 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | microsoft | sharepoint_foundation | 2013 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | microsoft | sharepoint_server | 2010 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | microsoft | sharepoint_server | 2019 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | kernel | * | Up to (excluding) 5.4.68-34.125.amzn2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_AMI | kernel | * | Up to (excluding) 4.14.200-116.320.amzn1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | libvncserver-debuginfo | * | Up to (excluding) 1.36.2-10.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | perl-DBI | * | Up to (excluding) 1.643-3.fc31 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_37 | qemu-system-m68k-core | * | Up to (excluding) 7.0.0-12.fc37 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP1 | qemu | * | Up to (excluding) 4.1.0-44.p05.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP2 | qemu | * | Up to (excluding) 4.1.0-32.p09.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP3 | libvncserver | * | Up to (excluding) 0.9.13-3.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_loongarch64_V10SP1 | qemu-guest-agent | * | Up to (excluding) 4.2.0-34.8.p02.a.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP1 | qemu | * | Up to (excluding) 4.1.0-44.p05.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP2 | qemu | * | Up to (excluding) 4.1.0-32.p09.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP3 | libvncserver | * | Up to (excluding) 0.9.13-3.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.1 | perl-DBI | * | Up to (excluding) 4.12.14-lp151.28.71.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | perl-DBI | * | Up to (excluding) 5.3.18-lp152.3.5.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_6 | kernel | * | Up to (excluding) 4.1.12-124.67.3.el7uek | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_7 | kernel | * | Up to (excluding) 4.14.35-2025.402.2.1.el7uek | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | kernel | * | Up to (excluding) 3.28.2-22.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | libvncserver-debuginfo | * | Up to (excluding) 1.36.2-10.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | perl-DBI | * | Up to (excluding) 3.1.1.1-66.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04.7_lts | libvncserver | * | Up to (excluding) 0.9.10+dfsg-3ubuntu0.16.04.5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04.5_lts | libvncserver | * | Up to (excluding) 0.9.11+dfsg-1ubuntu1.3 | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 低
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-502 | 可信数据的反序列化 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论