Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-16952
HistoryOct 16, 2020 - 11:15 p.m.

CVE-2020-16952

2020-10-1623:15:16
CWE-346
[email protected]
web.nvd.nist.gov
1

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

0.909 High

EPSS

Percentile

98.9%

JSON

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>

Affected configurations

NVD
Node
microsoftsharepoint_enterprise_serverMatch2016
OR
microsoftsharepoint_foundationMatch2013sp1
OR
microsoftsharepoint_serverMatch2019

Related

checkpoint_advisories 1
cvelist 1
metasploit 1
mscve 1
cisa 1
prion 1
srcincite 1
packetstorm 1
nuclei 1
cve 1
zdt 1
attackerkb 1
qualysblog 1
rapid7blog 2
nessus 3
mskb 3
threatpost 1
kaspersky 1
avleonov 1
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Remote Code Execution (CVE-2020-16952)
2020-10-20 00:00:00
cvelist
cvelist
CVE-2020-16952 Microsoft SharePoint Remote Code Execution Vulnerability
2020-10-16 22:18:03
metasploit
metasploit
Microsoft SharePoint Server-Side Include and ViewState RCE
2020-10-14 22:45:15
mscve
mscve
Microsoft SharePoint Remote Code Execution Vulnerability
2020-10-13 07:00:00
cisa
cisa
NCSC Releases Alert on Microsoft SharePoint Vulnerability
2020-10-16 00:00:00
prion
prion
Remote code execution
2020-10-16 23:15:00
srcincite
srcincite
SRC-2020-0022 : Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include Remote Code Execution Vulnerability
2020-07-06 00:00:00
packetstorm
packetstorm
Microsoft SharePoint SSI / ViewState Remote Code Execution
2020-10-19 00:00:00
nuclei
nuclei
Microsoft SharePoint - Remote Code Execution
2020-10-14 08:49:48
cve
cve
CVE-2020-16952
2020-10-16 23:15:16
zdt
zdt
Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit
2020-10-19 00:00:00
attackerkb
attackerkb
CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities
2020-10-16 00:00:00
qualysblog
qualysblog
October 2020 Patch Tuesday – 87 Vulnerabilities, 11 Critical, SharePoint, TCP/IP Stack, Graphics, Adobe Vulns
2020-10-13 18:52:03
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-10-23 18:56:55
Patch Tuesday - October 2020
2020-10-13 23:25:39
nessus
nessus
Security Updates for Microsoft SharePoint Server 2016 (October 2020)
2020-10-13 00:00:00
Security Updates for Microsoft SharePoint Server 2013 (October 2020)
2020-10-13 00:00:00
Security Updates for Microsoft SharePoint Server 2019 (October 2020)
2020-10-13 00:00:00
mskb
mskb
Description of the security update for SharePoint Enterprise Server 2016: October 13, 2020
2020-10-13 07:00:00
Description of the security update for SharePoint Server 2019: October 13, 2020
2020-10-13 07:00:00
Description of the security update for SharePoint Foundation 2013: October 13, 2020
2020-10-13 07:00:00
threatpost
threatpost
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
2020-10-13 20:44:01
kaspersky
kaspersky
KLA11976 Multiple vulnerabilites in Microsoft Office
2020-10-13 00:00:00
avleonov
avleonov
Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020
2021-01-11 01:50:44

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

0.909 High

EPSS

Percentile

98.9%

JSON
Related for NVD:CVE-2020-16952
checkpoint_advisories1cvelist1metasploit1mscve1cisa1prion1srcincite1packetstorm1nuclei1cve1zdt1attackerkb1qualysblog1rapid7blog2nessus3mskb3threatpost1kaspersky1avleonov1