Vulnerability Description
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sharepoint Enterprise Server | 2013 |
| Microsoft | Sharepoint Foundation | 2010 |
| Microsoft | Sharepoint Server | 2019 |
Related Weaknesses (CWE)
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210PatchVendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210PatchVendor Advisory
FAQ
What is CVE-2020-1210?
CVE-2020-1210 is a vulnerability with a CVSS score of 9.9 (CRITICAL). <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnera...
How severe is CVE-2020-1210?
CVE-2020-1210 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-1210?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Enterprise Server, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.