CVE-2020-1023

Published: May 21, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.

Affected (3)

Products: Microsoft: Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server

3 products

Sharepoint Enterprise Server

Sharepoint Foundation

Sharepoint Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Enterprise Server	Version 2016
Microsoft Sharepoint Foundation	Version 2013 sp1
Microsoft Sharepoint Server	Version 2019

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.