CVE-2020-1595: Microsoft SharePoint Remote Code Execution Vulnerability
First published: Fri Sep 11 2020(Updated: )
<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p> <p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p>
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =2013-sp1 | ||
| =2016 | ||
| =2013-sp1 | ||
| =2019 | ||
| Microsoft SharePoint Enterprise Server | =2013-sp1 | |
| Microsoft SharePoint Enterprise Server | =2016 | |
| Microsoft SharePoint Foundation | =2013-sp1 | |
| Microsoft SharePoint Server | =2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-1595?
CVE-2020-1595 is a remote code execution vulnerability in Microsoft SharePoint where APIs aren't properly protected from unsafe data input.
How does CVE-2020-1595 affect Microsoft SharePoint?
CVE-2020-1595 affects multiple versions of Microsoft SharePoint, including SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, and SharePoint Server 2019.
What is the severity of CVE-2020-1595?
CVE-2020-1595 has a severity rating of 8.8 (high).
How can I fix CVE-2020-1595?
Follow the guidance provided by Microsoft at the following link: [Microsoft Security Guidance Advisory for CVE-2020-1595](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595)
What is the CWE ID for CVE-2020-1595?
The Common Weakness Enumeration (CWE) ID for CVE-2020-1595 is 494.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/softwarecombine
- agent/references
- agent/title
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft sharepoint enterprise server
- version/microsoft sharepoint enterprise server/2013-sp1
- version/microsoft sharepoint enterprise server/2016
- canonical/microsoft sharepoint foundation
- version/microsoft sharepoint foundation/2013-sp1
- canonical/microsoft sharepoint server
- version/microsoft sharepoint server/2019