CVE-2020-1595

Published: Sep 11, 2020Modified: Feb 23, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD (Secondary)

Description

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input. The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.

Affected (4)

Products: Microsoft: Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server

Microsoft

3 products

Sharepoint Enterprise Server

Sharepoint Foundation

Sharepoint Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Enterprise Server	Version 2013 sp1
Microsoft Sharepoint Enterprise Server	Version 2016
Microsoft Sharepoint Foundation	Version 2013 sp1
Microsoft Sharepoint Server	Version 2019

Related CWEs

CWE-494

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.