Fwd: [CIVN-2020-0294] Microsoft Office Elevation of Privilege Vulnerability

1 year ago 97

Severity Rating: HIGH

Software Affected

Microsoft Lync Server 2013

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft SharePoint Server 2019

Skype for Business Server 2015 CU 8

Skype for Business Server 2019 CU2


Elevation of privilege vulnerability has been reported in Microsoft

SharePoint Server and Skype for Business Server, which could allow an

attacker to gain elevated privileges, bypass security restrictions and

execute arbitrary code on the targeted system.


This vulnerability exists in Microsoft SharePoint Server and Skype for

Business Server due to improper handling of the OAuth token validation. A

remote attacker could exploit this vulnerability by alter the token.  

Successful exploitation of this vulnerability could allow the attacker to

gain elevated privileges and bypass authentication of the targeted system.


Apply appropriate fix as mentioned in Microsoft Security Advisory 

Vendor Information




- -1025

CVE Name


Read Entire Article