CVE-2020-1444 — Improper Input Validation in Microsoft Sharepoint Enterprise Server

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

15.3%

top 5.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Sharepoint Enterprise Server Microsoft Sharepoint Foundation Microsoft Sharepoint Server +3 more

Timeline

PublishedJul 14

Latest updateMay 24

Description

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶NVDmicrosoft/sharepoint_server2019

▶NVDmicrosoft/sharepoint_foundation2013

▶CVEListV5microsoft/microsoft_sharepoint_server2019

▶NVDmicrosoft/sharepoint_enterprise_server2016

▶CVEListV5microsoft/microsoft_sharepoint_foundation2013 Service Pack 1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-gvgq-x76m-m83j: A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoi↗2022-05-24

▶

CVEList

CVE-2020-1444: A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoi↗2020-07-14

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Remote Code Execution Vulnerability↗2020-07-14

▶