CVE-2020-1460 — Microsoft Sharepoint Enterprise Server 2013 Service Pack 1 vulnerability

4 documents4 sources

Severity

8.8HIGHNVD

CNA8.6

EPSS

4.8%

top 10.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Sharepoint Enterprise Server 2013 Service Pack 1 Microsoft Sharepoint Enterprise Server 2016 Microsoft Sharepoint Foundation 2010 Service Pack 2 +5 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process. To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server. T…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶CVEListV5microsoft/microsoft_sharepoint_server_201916.0.0 — publication

▶CVEListV5microsoft/microsoft_sharepoint_enterprise_server_201616.0.0 — publication

▶CVEListV5microsoft/microsoft_sharepoint_enterprise_server_2013_service_pack_115.0.0 — publication

▶NVDmicrosoft/sharepoint_server2019

▶NVDmicrosoft/sharepoint_enterprise_server2013, 2016+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-g6v8-9xmp-8q7p: A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP↗2022-05-24

▶

CVEList

Microsoft SharePoint Server Remote Code Execution Vulnerability↗2020-09-11

▶

📋Vendor Advisories

Microsoft

Microsoft SharePoint Server Remote Code Execution Vulnerability↗2020-09-08

▶