Vulnerability Description
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sharepoint Enterprise Server | 2016 |
| Microsoft | Sharepoint Foundation | 2010 |
| Microsoft | Sharepoint Server | 2019 |
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1694PatchVendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1694PatchVendor Advisory
FAQ
What is CVE-2020-16948?
CVE-2020-16948 is a vulnerability with a CVSS score of 6.5 (MEDIUM). <p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain in...
How severe is CVE-2020-16948?
CVE-2020-16948 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-16948?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Enterprise Server, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.