Skip to main content

Sharepoint Enterprise Server CVE-2020-16952

HIGH
Origin Validation Error (CWE-346)
2020-10-16 secure@microsoft.com
8.6
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

1
CVE Published
Oct 16, 2020 - 23:15 cve.org
HIGH 8.6

DescriptionCVE.org

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>

AnalysisAI

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-346. <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> Affected products include: Microsoft Sharepoint Enterprise Server, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-49706 MEDIUM POC
6.5 Jul 08

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a networ

CVE-2017-0003 HIGH POC
7.8 Jan 10

Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted

CVE-2021-31181 HIGH POC
8.8 May 11

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely

CVE-2017-8742 HIGH
7.8 Sep 13

A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Serv

CVE-2020-1147 HIGH POC
7.8 Jul 14

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the softwar

CVE-2025-47166 HIGH POC
8.8 Jun 10

Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arb

CVE-2023-24955 HIGH POC
7.2 May 09

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is r

CVE-2023-21716 CRITICAL POC
9.8 Feb 14

Microsoft Word Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely e

CVE-2025-47163 HIGH
8.8 Jun 10

Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arb

CVE-2017-11936 HIGH
8.8 Dec 12

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests a

CVE-2025-29793 HIGH
7.2 Apr 08

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a ne

CVE-2022-21840 HIGH
8.8 Jan 11

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exp

Share

CVE-2020-16952 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy