CVE-2020-1023Unrestricted File Upload in Microsoft Sharepoint Enterprise Server

CWE-434Unrestricted File UploadCWE-440Expected Behavior Violation8 documents6 sources
Severity
8.8HIGHNVD
EPSS
28.9%
top 3.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Sharepoint Enterprise ServerMicrosoft Sharepoint FoundationMicrosoft Sharepoint Server+3 more
Timeline
PublishedMay 21
Latest updateMay 24

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5microsoft/microsoft_sharepoint_foundation2013 Service Pack 1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-xw99-vmpf-qpg4: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka2022-05-24
CVEList
CVE-2020-1023: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka2020-05-21

📋Vendor Advisories

1
Microsoft
Microsoft SharePoint Remote Code Execution Vulnerability2020-05-12

💬Community

3
Bugzilla
CVE-2020-25600 xen: out of bounds event channels available to 32-bit x86 domains (XSA-342)2020-09-17
Bugzilla
CVE-2020-25597 xen: once valid event channels may not turn invalid (XSA-338)2020-09-16
Bugzilla
CVE-2020-15566 xen: incorrect error handling in event channel port allocation leads to DoS (XSA-317)2020-06-26
CVE-2020-1023 — Unrestricted File Upload in Microsoft | cvebase