Vulnerability Description
<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p> <p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p>
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sharepoint Enterprise Server | 2013 |
| Microsoft | Sharepoint Foundation | 2013 |
| Microsoft | Sharepoint Server | 2019 |
Related Weaknesses (CWE)
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595PatchVendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595PatchVendor Advisory
FAQ
What is CVE-2020-1595?
CVE-2020-1595 is a vulnerability with a CVSS score of 9.9 (CRITICAL). <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run ...
How severe is CVE-2020-1595?
CVE-2020-1595 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-1595?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Enterprise Server, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.