<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p> <p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p>
History

Mon, 18 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2020-09-11T17:09:27

Updated: 2024-11-18T16:16:36.616Z

Reserved: 2019-11-04T00:00:00

Link: CVE-2020-1595

cve-icon Vulnrichment

Updated: 2024-08-04T06:39:10.503Z

cve-icon NVD

Status : Modified

Published: 2020-09-11T17:15:21.903

Modified: 2024-11-21T05:10:55.210

Link: CVE-2020-1595

cve-icon Redhat

No data.