CVE-2020-1210

CWE-4945 documents5 sources

Severity

8.8HIGH

EPSS

0.7%

top 28.04%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Microsoft Business Productivity Servers 2010 Service Pack 2 Microsoft Microsoft Sharepoint Enterprise Server 2013 Service Pack 1 Microsoft Microsoft Sharepoint Enterprise Server 2016 +5 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresse…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages8 packages

▶CVEListV5microsoft/microsoft_sharepoint_server_201916.0.0 — publication

▶CVEListV5microsoft/microsoft_sharepoint_enterprise_server_201616.0.0 — publication

▶CVEListV5microsoft/microsoft_sharepoint_server_2010_service_pack_213.0.0.0 — publication

▶CVEListV5microsoft/microsoft_sharepoint_enterprise_server_2013_service_pack_115.0.0 — publication

▶NVDmicrosoft/sharepoint_server2019

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-mj64-4vr6-2hqr: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka↗2022-05-24

▶

CVEList

Microsoft SharePoint Remote Code Execution Vulnerability↗2020-09-11

▶

VulnCheck

Microsoft SharePoint Download of Code Without Integrity Check↗2020

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Remote Code Execution Vulnerability↗2020-09-08

▶