Published: 11/09/2020 Updated: 31/12/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input. The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft sharepoint foundation 2013
microsoft sharepoint enterprise server 2016
microsoft sharepoint enterprise server 2013
microsoft sharepoint server 2019

Enjoyed the US Labor Day weekend? Because it's September 2020 and Exchange Server can be pwned via email

The Register • Shaun Nichols in San Francisco • 08 Sep 2020

Don't be so smug, Mac users, you're open to an InDesign project file

A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others. September sees a bundle of 129 CVE-listed flaws patched by Microsoft. The vast majority of those, 105 in total, are classified as 'important' risks. Another 23 are considered critical bugs, and one is listed as moderate. None of the bugs have public exploit code or in-the-wild attacks yet. Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away ...

CVE-2020-1595

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect