CVE-2020-16952
Microsoft SharePoint Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
Se presenta una vulnerabilidad de ejecución de código remota en Microsoft SharePoint cuando el software presenta un fallo al comprobar el código fuente de un paquete de aplicación, también se conoce como "Microsoft SharePoint Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2020-16951
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-08-04 CVE Reserved
- 2020-10-16 CVE Published
- 2024-04-25 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-346: Origin Validation Error
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://srcincite.io/advisories/src-2020-0022 | ||
https://srcincite.io/pocs/cve-2020-16952.py.txt |
URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.html | 2024-08-04 |
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 | 2020-10-13 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Sharepoint Enterprise Server Search vendor "Microsoft" for product "Sharepoint Enterprise Server" | 2016 Search vendor "Microsoft" for product "Sharepoint Enterprise Server" and version "2016" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Sharepoint Foundation Search vendor "Microsoft" for product "Sharepoint Foundation" | 2013 Search vendor "Microsoft" for product "Sharepoint Foundation" and version "2013" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Sharepoint Server Search vendor "Microsoft" for product "Sharepoint Server" | 2019 Search vendor "Microsoft" for product "Sharepoint Server" and version "2019" | - |
Affected
|