nvd-json-data-feeds/CVE-2020/CVE-2020-10xx/CVE-2020-1044.json

{
  "id": "CVE-2020-1044",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2020-09-11T17:15:18.260",
  "lastModified": "2020-09-16T14:14:47.360",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports, aka 'SQL Server Reporting Services Security Feature Bypass Vulnerability'."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en SQL Server Reporting Services (SSRS) cuando el servidor comprueba inapropiadamente los archivos adjuntos cargados en los reportes, tambi\u00e9n se conoce como \"SQL Server Reporting Services Security Feature Bypass Vulnerability\""
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A474BD-3D0F-4B62-B64D-4154A72DD160"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "71090A71-B116-48E2-BB73-D29C8D817E68"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1044",
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}