CVE-2020-16948

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description: An information disclosure issue exists due to improper handling of objects in memory by Microsoft SharePoint Server. This could allow a remote attacker to disclose protected information. To exploit the issue, an attacker would have to log on to an affected system and potentially run a specially crafted application. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: For Microsoft SharePoint Server, update the software to the latest version that addresses the issue. For Microsoft SharePoint Foundation, update the software to the latest version that addresses the issue. For Microsoft SharePoint Enterprise Server, update the software to the latest version that addresses the issue. As a temporary workaround, consider restricting access to sensitive information on affected systems until a patch is available.