CVE-2020-1453

Published: Sep 11, 2020Modified: Feb 23, 2026

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Exploitability: 3.9 / Impact: 4.7

Source: NVD (Secondary)

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

Affected (5)

Products: Microsoft: Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server

Microsoft

3 products

Sharepoint Enterprise Server

Sharepoint Foundation

Sharepoint Server

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Enterprise Server	Version 2013 sp1
Microsoft Sharepoint Enterprise Server	Version 2016
Microsoft Sharepoint Foundation	Version 2010 sp2
Microsoft Sharepoint Foundation	Version 2013 sp1
Microsoft Sharepoint Server	Version 2019

Related CWEs

CWE-494

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.