Published: 11/09/2020 Updated: 31/12/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process. To exploit the vulnerability, an authenticated user must create and invoke a specially crafted page on an affected version of Microsoft SharePoint Server. The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles processing of created content.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft sharepoint foundation 2010
microsoft sharepoint foundation 2013
microsoft sharepoint enterprise server 2016
microsoft sharepoint enterprise server 2013
microsoft sharepoint server 2019

NVD-CWE-noinfo https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-1460

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect