CVE-2020-0974 — Microsoft Sharepoint Enterprise Server vulnerability

4 documents4 sources

Severity

8.8HIGHNVD

EPSS

20.7%

top 4.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Sharepoint Enterprise Server Microsoft Sharepoint Server Microsoft Sharepoint Enterprise Server +1 more

Timeline

PublishedApr 15

Latest updateMay 24

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDmicrosoft/sharepoint_server2019

▶CVEListV5microsoft/microsoft_sharepoint_server2019

▶NVDmicrosoft/sharepoint_enterprise_server2016

▶CVEListV5microsoft/microsoft_sharepoint_enterprise_server2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-pp7c-m8cf-8vm2: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka↗2022-05-24

▶

CVEList

CVE-2020-0974: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka↗2020-04-15

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Remote Code Execution Vulnerability↗2020-04-14

▶