CVE-2020-1181

CWE-20Improper Input Validation8 documents6 sources
Severity
8.8HIGH
EPSS
52.6%
top 2.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Microsoft Sharepoint Enterprise ServerMicrosoft Microsoft Sharepoint FoundationMicrosoft Microsoft Sharepoint Server+3 more
Timeline
PublishedJun 9
Latest updateMay 24

Description

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-7q25-89mc-hp7w: A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP2022-05-24
CVEList
CVE-2020-1181: A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP2020-06-09

📋Vendor Advisories

3
Oracle
Oracle Oracle Communications Applications Risk Matrix: MSS Integration Cartridge (Apache Struts 1) — CVE-2016-11812020-07-15
Microsoft
Microsoft SharePoint Server Remote Code Execution Vulnerability2020-06-09
Oracle
Oracle Oracle Retail Applications Risk Matrix: Dataset Component (Struts1) — CVE-2016-11812020-01-15

🕵️Threat Intelligence

1
Qualys
June 2020 Patch Tuesday – 128 Vulns, 11 Critical, Sharepoint, Workstation, Adobe Patches | Qualys2020-06-09
CVE-2020-1181 (HIGH CVSS 8.8) | A remote code execution vulnerabili | cvebase.io