MS.SharePoint.tagPrefixRegex.Parsing.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Sharepoint Server.
The vulnerability is due to incorrect parsing a "tagPrefixRegex" value. A remote attacker could exploit this vulnerability by creating and invoking a specially crafted Web Part. Successful exploitation results in the execution of arbitrary code in the context of service account.
Affected Products
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2019
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1444
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |