Sharepoint Enterprise Server
CVE-2020-16948
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>
AnalysisAI
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p> Affected products include: Microsoft Sharepoint Enterprise Server, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sharepoint Enterprise Server
View allImproper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a networ
Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted
Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source mark
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Serv
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar
Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arb
Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is r
Microsoft Word Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely e
Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arb
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests a
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a ne
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today