Business Productivity Servers Microsoft Business Productivity Servers

stack.watch can notify you when security vulnerabilities are reported in Microsoft Business Productivity Servers. You can add multiple products that you use with Business Productivity Servers to create your own personal software stack watcher.

By the Year

In 2020 there have been 2 vulnerabilities in Microsoft Business Productivity Servers with an average score of 7.1 out of ten. Last year Business Productivity Servers had 1 security vulnerability published. That is, 1 more vulnerability have already been reported in 2020 as compared to last year. However, the average CVE base score of the vulnerabilities in 2020 is greater by 1.70.

Year Vulnerabilities Average Score
2020 2 7.10
2019 1 5.40
2018 0 0.00

It may take a day or so for new Business Productivity Servers vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Microsoft Business Productivity Servers Security Vulnerabilities

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package

CVE-2020-0931 8.8 - High - April 15, 2020

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

CVE-2020-0931 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Unrestricted File Upload

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server

CVE-2020-0795 5.4 - Medium - March 12, 2020

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. This CVE ID is unique from CVE-2020-0891.

CVE-2020-0795 can be explotited with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server

CVE-2019-0558 5.4 - Medium - January 08, 2019

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557.

CVE-2019-0558 is exploitable with network access, requires user interaction and a small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.3 out of four. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS