CVE-2020-0977: 
vulnerability analysis and mitigation

A spoofing vulnerability exists in Microsoft SharePoint Server when it fails to properly sanitize specially crafted web requests to affected SharePoint servers (CVE-2020-0977). The vulnerability was disclosed on April 15, 2020, affecting multiple versions of SharePoint Enterprise Server including 2013 SP1, 2016, and SharePoint Server 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Under CVSS v2.0, it received a base score of 3.5 (LOW) with vector (AV:N/AC:M/Au:S/C:N/I:P/A:N). The vulnerability requires user interaction and affects the confidentiality and integrity of the system (NVD).

The vulnerability could allow an attacker to perform spoofing attacks against affected SharePoint servers. The impact is primarily limited to confidentiality and integrity breaches, with no direct impact on system availability (NVD).

Microsoft has released security updates to address this vulnerability. The fix is included in the April 14, 2020 security update for affected SharePoint versions. Organizations running SharePoint Enterprise Server 2016 can apply security update 4484299 to remediate this vulnerability (Microsoft Support).