Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-223
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une exécution de code à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Outlook 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Access 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Word 2016 (édition 32 bits) | ||
| Microsoft | Office | Office 365 ProPlus pour systèmes 32 bits | ||
| Microsoft | Office | Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Access 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Access 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Publisher 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Project 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft PowerPoint 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Publisher 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Project 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft PowerPoint 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Word 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Project 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 pour Mac | ||
| Microsoft | Office | Microsoft PowerPoint 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office Web Apps 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Access 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Word 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Project Server 2013 Service Pack 1 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Project 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Publisher 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office Online Server | ||
| Microsoft | Office | Microsoft Project 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Office 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Word 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Publisher 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Word 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Word 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft PowerPoint 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office Web Apps 2010 Service Pack 2 | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft Access 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Office 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Access 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft PowerPoint 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Outlook 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Word 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft PowerPoint 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Office 365 ProPlus pour 64 bits Systems | ||
| Microsoft | Office | Microsoft Publisher 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Office 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Server 2019 | ||
| Microsoft | Office | Microsoft SharePoint Server 2010 Service Pack 2 | ||
| Microsoft | Office | Microsoft Publisher 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Foundation 2010 Service Pack 2 | ||
| Microsoft | Office | Microsoft Project 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Outlook 2013 RT Service Pack 1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office 365 ProPlus pour syst\u00e8mes 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Project 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Project 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Project 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Web Apps 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Project Server 2013 Service Pack 1 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Project 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Online Server",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Project 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office Web Apps 2010 Service Pack 2",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Access 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Word 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft PowerPoint 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Office 365 ProPlus pour 64 bits Systems",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2010 Service Pack 2",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Publisher 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Foundation 2010 Service Pack 2",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Project 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Outlook 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-0933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0933"
},
{
"name": "CVE-2020-0929",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0929"
},
{
"name": "CVE-2020-0930",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0930"
},
{
"name": "CVE-2020-0931",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0931"
},
{
"name": "CVE-2020-0906",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0906"
},
{
"name": "CVE-2020-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0760"
},
{
"name": "CVE-2020-0954",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0954"
},
{
"name": "CVE-2020-0924",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0924"
},
{
"name": "CVE-2020-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0975"
},
{
"name": "CVE-2020-0961",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0961"
},
{
"name": "CVE-2020-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0923"
},
{
"name": "CVE-2020-0977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0977"
},
{
"name": "CVE-2020-0927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0927"
},
{
"name": "CVE-2020-0974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0974"
},
{
"name": "CVE-2020-0971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0971"
},
{
"name": "CVE-2020-0972",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0972"
},
{
"name": "CVE-2020-0979",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0979"
},
{
"name": "CVE-2020-0925",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0925"
},
{
"name": "CVE-2020-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0920"
},
{
"name": "CVE-2020-0978",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0978"
},
{
"name": "CVE-2020-0932",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0932"
},
{
"name": "CVE-2020-0926",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0926"
},
{
"name": "CVE-2020-0991",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0991"
},
{
"name": "CVE-2020-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0973"
},
{
"name": "CVE-2020-0980",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0980"
},
{
"name": "CVE-2020-0976",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0976"
}
],
"initial_release_date": "2020-04-15T00:00:00",
"last_revision_date": "2020-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-223",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code \u00e0 distance et une usurpation\nd\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 avril 2020",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CVE-2020-0931 (GCVE-0-2020-0931)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Foundation |
Version: 2013 Service Pack 1 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
},
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft Business Productivity Servers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:52",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
},
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft Business Productivity Servers",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0931",
"datePublished": "2020-04-15T15:12:52",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0927 (GCVE-0-2020-0927)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0927"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:06:58.650013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:10:05.227Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:50.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0927"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0927",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0927"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0927",
"datePublished": "2020-04-15T15:12:50.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:10:05.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0975 (GCVE-0-2020-0975)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:10",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0975"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0975",
"datePublished": "2020-04-15T15:13:10",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0926 (GCVE-0-2020-0926)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0926"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:07:18.544338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:10:20.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:50.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0926"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0926",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0926"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0926",
"datePublished": "2020-04-15T15:12:50.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:10:20.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0929 (GCVE-0-2020-0929)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:51",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0929",
"datePublished": "2020-04-15T15:12:51",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0961 (GCVE-0-2020-0961)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office |
Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0961"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Office 365 ProPlus",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "64-bit Systems"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka \u0027Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0961"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Office 365 ProPlus",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "64-bit Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka \u0027Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0961",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0961"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0961",
"datePublished": "2020-04-15T15:13:05",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0760 (GCVE-0-2020-0760)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Project |
Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:11:05.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Project",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Office 365 ProPlus",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "64-bit Systems"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Microsoft PowerPoint",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Microsoft Visio",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
}
]
},
{
"product": "Microsoft Word",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Microsoft Publisher 2016 (32-bit edition)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Publisher 2016 (64-bit edition)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Access",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
}
]
},
{
"product": "Microsoft Outlook",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
}
]
},
{
"product": "Microsoft Publisher 2013 Service Pack 1 (32-bit editions)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Publisher 2013 Service Pack 1 (64-bit editions)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Publisher",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0991."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:40",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Project",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Office 365 ProPlus",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft PowerPoint",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Visio",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Word",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Publisher 2016 (32-bit edition)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Publisher 2016 (64-bit edition)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Access",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Publisher 2013 Service Pack 1 (32-bit editions)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Publisher 2013 Service Pack 1 (64-bit editions)",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Publisher",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0991."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0760"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0760",
"datePublished": "2020-04-15T15:12:40",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:11:05.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0979 (GCVE-0-2020-0979)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0906.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Office 365 ProPlus |
Version: 32-bit Systems Version: 64-bit Systems |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office 365 ProPlus",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "64-bit Systems"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0906."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:12",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0979"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office 365 ProPlus",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "64-bit Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0906."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0979",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0979"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0979",
"datePublished": "2020-04-15T15:13:12",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0972 (GCVE-0-2020-0972)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:09",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0972"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0972",
"datePublished": "2020-04-15T15:13:09",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0971 (GCVE-0-2020-0971)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-04T19:06:10",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0971"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1398/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0971",
"datePublished": "2020-04-15T15:13:09",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0991 (GCVE-0-2020-0991)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0760.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office |
Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Office 365 ProPlus",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "64-bit Systems"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0760."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:16",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0991"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Office 365 ProPlus",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "64-bit Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \u0027Microsoft Office Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0760."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0991",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0991"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0991",
"datePublished": "2020-04-15T15:13:16",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0930 (GCVE-0-2020-0930)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0930"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:06:46.550952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:09:49.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:51.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0930"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0930",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0930"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0930",
"datePublished": "2020-04-15T15:12:51.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:09:49.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0977 (GCVE-0-2020-0977)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0976.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0976."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:11",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0977",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0977",
"datePublished": "2020-04-15T15:13:11",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0933 (GCVE-0-2020-0933)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:06:33.319279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:09:34.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:53.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0933"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0933",
"datePublished": "2020-04-15T15:12:53.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:09:34.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0925 (GCVE-0-2020-0925)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:07:37.857363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:10:34.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:49.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0925",
"datePublished": "2020-04-15T15:12:49.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:10:34.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0906 (GCVE-0-2020-0906)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Office |
Version: 2019 for 32-bit editions Version: 2019 for 64-bit editions Version: 2016 (32-bit edition) Version: 2016 (64-bit edition) Version: 2010 Service Pack 2 (32-bit editions) Version: 2010 Service Pack 2 (64-bit editions) Version: 2013 RT Service Pack 1 Version: 2013 Service Pack 1 (32-bit editions) Version: 2013 Service Pack 1 (64-bit editions) |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Office 365 ProPlus",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "64-bit Systems"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0979."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:45",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Office 365 ProPlus",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0979."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0906",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0906",
"datePublished": "2020-04-15T15:12:45",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0932 (GCVE-0-2020-0932)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:52",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0932",
"datePublished": "2020-04-15T15:12:52",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0954 (GCVE-0-2020-0954)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2025-02-28 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0954"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:13:29.948146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:09:20.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft Project Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit edition)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft Project Server",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1 (64-bit edition)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0954",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0954",
"datePublished": "2020-04-15T15:13:01.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:09:20.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0973 (GCVE-0-2020-0973)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2025-02-28 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0973"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:05:00.987089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:09:05.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2010 Service Pack 2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:09.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0973"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
},
{
"version_value": "2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0973",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0973"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0973",
"datePublished": "2020-04-15T15:13:10.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:09:05.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0974 (GCVE-0-2020-0974)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:10",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0974"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0974",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0974"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0974",
"datePublished": "2020-04-15T15:13:10",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0980 (GCVE-0-2020-0980)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2010 Service Pack 2"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2019 for Mac"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
}
]
},
{
"product": "Office 365 ProPlus",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "64-bit Systems"
}
]
},
{
"product": "Microsoft Office Online Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Word",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Microsoft Office Web Apps",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:13",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
},
{
"version_value": "2010 Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
}
]
}
},
{
"product_name": "Office 365 ProPlus",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Office Online Server",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Word",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Office Web Apps",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka \u0027Microsoft Word Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0980",
"datePublished": "2020-04-15T15:13:13",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0923 (GCVE-0-2020-0923)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:14:19.767593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:11:08.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:48.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0923",
"datePublished": "2020-04-15T15:12:49.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:11:08.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0976 (GCVE-0-2020-0976)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:11",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0976"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0976",
"datePublished": "2020-04-15T15:13:11",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0978 (GCVE-0-2020-0978)
Vulnerability from cvelistv5
Published
2020-04-15 15:13
Modified
2025-02-28 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:13:12.056412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:08:51.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:13:12.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0978"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0978",
"datePublished": "2020-04-15T15:13:12.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:08:51.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0924 (GCVE-0-2020-0924)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2025-02-28 20:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:14:10.764859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:10:53.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:49.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-0923, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0954, CVE-2020-0973, CVE-2020-0978."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0924",
"datePublished": "2020-04-15T15:12:49.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:10:53.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0920 (GCVE-0-2020-0920)
Vulnerability from cvelistv5
Published
2020-04-15 15:12
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T15:12:48",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0920"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0920",
"datePublished": "2020-04-15T15:12:48",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…