CVE-2020-1024

CWE-434 — Unrestricted File Upload CWE-400 — Uncontrolled Resource Consumption CWE-401 — Memory Leak7 documents6 sources

Severity

8.8HIGH

EPSS

28.9%

top 3.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Sharepoint Enterprise Server Microsoft Microsoft Sharepoint Foundation Microsoft Microsoft Sharepoint Server +3 more

Timeline

PublishedMay 21

Latest updateMay 24

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDmicrosoft/sharepoint_server2019

▶NVDmicrosoft/sharepoint_foundation2013

▶CVEListV5microsoft/microsoft_sharepoint_server2019

▶NVDmicrosoft/sharepoint_enterprise_server2016

▶CVEListV5microsoft/microsoft_sharepoint_foundation2013 Service Pack 1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-cpvx-jwgh-3v74: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka↗2022-05-24

▶

CVEList

CVE-2020-1024: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka↗2020-05-21

▶

💥Exploits & PoCs

Exploit-DB

FlashGet 1.9.6 - Denial of Service (PoC)↗2020-05-07

▶

Exploit-DB

OpenSMTPD 6.6.1 - Remote Code Execution↗2020-01-30

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Remote Code Execution Vulnerability↗2020-05-12

▶