Unrated severityNVD Advisory· Published Oct 16, 2020· Updated Aug 4, 2024

Microsoft SharePoint Remote Code Execution Vulnerability

CVE-2020-16952

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

Affected products

Microsoft/Sharepoint Serverv52 versions
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*+ 1 more
- cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*range: 16.0.0
- cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*range: 16.0.0
Microsoft/Sharepoint Foundationv5
cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
Range: 15.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-Code-Execution.htmlmitrex_refsource_MISC
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.060
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000