Vulnerability Description
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sharepoint Enterprise Server | 2016 |
| Microsoft | Sharepoint Foundation | 2013 |
| Microsoft | Sharepoint Server | 2019 |
Related Weaknesses (CWE)
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1695PatchVendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1695PatchVendor Advisory
FAQ
What is CVE-2020-16951?
CVE-2020-16951 is a vulnerability with a CVSS score of 8.6 (HIGH). <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnera...
How severe is CVE-2020-16951?
CVE-2020-16951 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-16951?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Enterprise Server, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.