8.8
CVE-2020-1069
- EPSS 26.55%
- Veröffentlicht 21.05.2020 23:15:12
- Zuletzt bearbeitet 21.11.2024 05:09:41
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
LoginA remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Enterprise Server Version2016
Microsoft ≫ Sharepoint Foundation Version2013 Updatesp1
Microsoft ≫ Sharepoint Server Version2019
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 26.55% | 0.964 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.