CVE-2020-16942

Published: Oct 16, 2020Modified: Feb 23, 2026

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD (Secondary)

Description

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability. The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.

Affected (4)

Products: Microsoft: Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server

Microsoft

3 products

Sharepoint Enterprise Server

Sharepoint Foundation

Sharepoint Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Enterprise Server	Version 2016
Microsoft Sharepoint Foundation	Version 2010 sp2
Microsoft Sharepoint Foundation	Version 2013 sp1
Microsoft Sharepoint Server	Version 2019

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.