Lucene search
AnonymousZDI-20-1412HistoryDec 09, 2020 - 12:00 a.m.
Microsoft SharePoint Site Import Directory Traversal Remote Code Execution Vulnerability
2020-12-0900:00:00
Anonymous
www.zerodayinitiative.com
26
0.021 Low
EPSS
Percentile
89.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportWeb function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.
Related
mscve
mscve
Microsoft SharePoint Remote Code Execution Vulnerability
2020-12-08 08:00:00
prion
prion
Remote code execution
2020-12-10 00:15:00
cve
cve
CVE-2020-17121
2020-12-10 00:15:14
checkpoint_advisories
checkpoint_advisories
Microsoft SharePoint Remote Code Execution (CVE-2020-17121)
2020-12-08 00:00:00
cvelist
cvelist
CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability
2020-12-09 23:36:45
nvd
nvd
CVE-2020-17121
2020-12-10 00:15:14
nessus
nessus
Security Updates for Microsoft SharePoint Server 2019 (December 2020)
2020-12-10 00:00:00
Security Updates for Microsoft SharePoint Server 2013 (December 2020)
2020-12-10 00:00:00
Security Updates for Microsoft SharePoint Server 2016 (December 2020)
2020-12-10 00:00:00
mskb
mskb
thn
thn
Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws
2020-12-09 04:57:00
threatpost
threatpost
Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays
2020-12-08 20:23:30
qualysblog
qualysblog
kaspersky
kaspersky
KLA12023 Multiple vulnerabilities in Microsoft Office
2020-12-08 00:00:00
avleonov
avleonov
rapid7blog
rapid7blog
Patch Tuesday - December 2020
2020-12-08 21:36:27