6.8
CVSSv2

CVE-2020-16951

Published: 16/10/2020 Updated: 21/10/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft SharePoint could allow a remote malicious user to execute arbitrary code on the system, caused by the failure to check the source markup of an application package. By persuading a victim to upload a specially crafted SharePoint application package, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

Vulnerability Trend

Recent Articles

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
Threatpost • Tara Seals • 13 Oct 2020

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable.
There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public exploit is already circulating for this group.
This month’s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, ...