First published: Wed Apr 15 2020(Updated: )
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SharePoint | ||
Microsoft SharePoint Enterprise Server | =2016 | |
Microsoft SharePoint Foundation | =2010-sp2 | |
Microsoft SharePoint Foundation | =2013-sp1 | |
Microsoft SharePoint Server | =2019 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-0971 is a vulnerability in Microsoft SharePoint Server that allows remote attackers to disclose sensitive information.
CVE-2020-0971 has a severity rating of 8.8 (high).
This vulnerability can be exploited by remote attackers with authentication by manipulating web parts of type DataFormWebPart.
Microsoft SharePoint Server 2016, 2010 with SP2, 2013 with SP1, and 2019 are affected by CVE-2020-0971.
Yes, Microsoft has released a security update to address the vulnerability described in CVE-2020-0971. It is recommended to apply the latest updates to protect your system.