Sep 2020: SQL Server Reporting Services Security Feature Bypass Vulnerability
CVE-2020-1044 Published on September 11, 2020
A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator.
To exploit the vulnerability, an authenticated attacker would need to send a specially crafted request to an affected SSRS server.
The update addresses the vulnerability by modifying how SSRS validates attachment uploads.
Products Associated with CVE-2020-1044
Affected Versions
Microsoft SQL Server 2017 Reporting Services:
- Version 14.0.0 and below publication is affected.
- Version 15.0.0 and below publication is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.