PT-2020-4328 · Microsoft · Sharepoint Server+1
Published
2020-10-13
·
Updated
2025-09-09
·
CVE-2020-16952
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:N/C:P/I:C/A:P |
Name of the Vulnerable Software and Affected Versions:
Microsoft SharePoint Server (affected versions not specified)
Microsoft SharePoint Foundation (affected versions not specified)
Microsoft SharePoint Enterprise Server (affected versions not specified)
Description:
A remote code execution issue exists in Microsoft SharePoint due to the software's failure to properly check the source markup of an application package. This could allow an attacker to run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation requires a user to upload a specially crafted SharePoint application package to an affected version of SharePoint.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Origin Validation Error
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sharepoint Server
Sharepoint Foundation