Source: Ministry of education information & communication security contingency platform
"" "" ""
| Publication Number | TACERT-ANA-2026011501012424 | Publication Time | 2026/01/15 13:38 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/01/15 13:38 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Two Critical Security Vulnerabilities Have Been Identified in Microsoft SharePoint Server (CVE-2026-20947) (CVE-2026-20963) |
|||
| [Content] Forwarded from TWCERTCC-200-202601-00000011 Microsoft SharePoint Server is an enterprise-level collaboration platform that provides document management and team collaboration capabilities and serves as a core platform for enterprise information integration. Recently, Microsoft released a critical security advisory (CVE-2026-20947, CVSS: 8.8, and CVE-2026-20963, CVSS: 8.8). CVE-2026-20947 is an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands over the network. CVE-2026-20963 is a deserialization of untrusted data vulnerability that allows authenticated attackers to execute arbitrary code over the network. (Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
|
[Affected Platform] Microsoft SharePoint Server 2019 Microsoft SharePoint Enterprise Server 2016 |
|||
|
[Recommended Actions] 【CVE-2026-20947】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-20947 【CVE-2026-20963】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-20963 |
|||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10633-136b6-1.html |
|||