Sep 2020: Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1210 Published on September 11, 2020
Microsoft SharePoint Remote Code Execution Vulnerability
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p>
<p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p>
<p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
Products Associated with CVE-2020-1210
stack.watch emails you whenever new vulnerabilities are published in Microsoft Sharepoint Server or Microsoft Business Productivity Servers. Just hit a watch button to start following.
Affected Versions
Microsoft SharePoint Enterprise Server 2016:- Version 16.0.0 and below publication is affected.
- Version 13.0.0.0 and below publication is affected.
- Version 13.0.0.0 and below publication is affected.
- Version 15.0.0 and below publication is affected.
- Version 16.0.0 and below publication is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.