First published: Fri Sep 11 2020
A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator.

To exploit the vulnerability, an authenticated attacker would need to send a specially crafted request to an affected SSRS server.

The update addresses the vulnerability by modifying how SSRS validates attachment uploads.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SQL Server Reporting Services | =2017 | |
Microsoft SQL Server Reporting Services | =2019 | |
CVE-2020-1044 is a security feature bypass vulnerability in SQL Server Reporting Services (SSRS) that allows attackers to upload malicious attachments to reports.
The severity of CVE-2020-1044 is medium, with a CVSS severity score of 6.5.
SQL Server Reporting Services (SSRS) versions 2017 and 2019 are affected by CVE-2020-1044.
CVE-2020-1044 allows attackers to bypass security features in SSRS by uploading malicious attachments to reports.
Yes, Microsoft has released a security update to address the vulnerability. It is recommended to install the latest update for SQL Server Reporting Services.