CVE-2020-1200: Download of Code Without Integrity Check in Microsoft SharePoint Enterprise Server 2016

Severity: 8.6 HIGH (NVD)
EPSS: 1.4% (top 19.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 11, latest update May 24

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresse

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Exploitability: 3.9 | Impact: 4.7

Affected Packages: 7 packages

Patches

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-56px-8q45-w6v6: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka
CVEList (2020-09-11): Microsoft SharePoint Remote Code Execution Vulnerability

📋 Vendor Advisories (1)

Microsoft (2020-09-08): Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1200 — Microsoft vulnerability | cvebase