Vulnerability Description
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p> <p>To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.</p> <p>The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.</p>
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sharepoint Enterprise Server | 2016 |
| Microsoft | Sharepoint Foundation | 2010 |
| Microsoft | Sharepoint Server | 2019 |
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1694PatchVendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1694PatchVendor Advisory
FAQ
What is CVE-2020-16941?
CVE-2020-16941 is a vulnerability with a CVSS score of 4.1 (MEDIUM). <p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this i...
How severe is CVE-2020-16941?
CVE-2020-16941 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-16941?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Enterprise Server, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.