Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-286
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une usurpation d'identité, une atteinte à la confidentialité des données et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft SharePoint Foundation 2013 Service Pack 1 | ||
| Microsoft | Office | Microsoft Excel 2013 RT Service Pack 1 | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 32 bits | ||
| Microsoft | Office | Microsoft Office 2019 pour Mac | ||
| Microsoft | Office | Microsoft Office 2019 pour éditions 64 bits | ||
| Microsoft | Office | Microsoft Office 2016 pour Mac | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (éditions 64 bits) | ||
| Microsoft | Office | Microsoft Excel 2013 Service Pack 1 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2016 | ||
| Microsoft | Office | Microsoft Excel 2010 Service Pack 2 (éditions 32 bits) | ||
| Microsoft | Office | Microsoft Excel 2016 (édition 64 bits) | ||
| Microsoft | Office | Microsoft SharePoint Server 2019 | ||
| Microsoft | Office | Microsoft SharePoint Server 2010 Service Pack 2 | ||
| Microsoft | Office | Microsoft SharePoint Enterprise Server 2013 Service Pack 1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 RT Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2016 pour Mac",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2016",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 32 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2010 Service Pack 2",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1099",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1099"
},
{
"name": "CVE-2020-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1024"
},
{
"name": "CVE-2020-1103",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1103"
},
{
"name": "CVE-2020-1102",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1102"
},
{
"name": "CVE-2020-1069",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1069"
},
{
"name": "CVE-2020-1104",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1104"
},
{
"name": "CVE-2020-1107",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1107"
},
{
"name": "CVE-2020-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0901"
},
{
"name": "CVE-2020-1023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1023"
},
{
"name": "CVE-2020-1106",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1106"
},
{
"name": "CVE-2020-1101",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1101"
},
{
"name": "CVE-2020-1105",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1105"
},
{
"name": "CVE-2020-1100",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1100"
}
],
"initial_release_date": "2020-05-13T00:00:00",
"last_revision_date": "2020-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-286",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une usurpation d\u0027identit\u00e9, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mai 2020",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CVE-2020-1100 (GCVE-0-2020-1100)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2025-02-28 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:12:32.319865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:08:04.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2010 Service Pack 2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:06.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
},
{
"version_value": "2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1100",
"datePublished": "2020-05-21T22:53:06.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:08:04.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1023 (GCVE-0-2020-1023)
Vulnerability from cvelistv5
Published
2020-05-21 22:52
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:52:47",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1023",
"datePublished": "2020-05-21T22:52:47",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:00.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1102 (GCVE-0-2020-1102)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:07",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1102"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1102",
"datePublished": "2020-05-21T22:53:07",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:00.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1107 (GCVE-0-2020-1107)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 Version: 2013 Service Pack 1 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:09",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
},
{
"version_value": "2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1107",
"datePublished": "2020-05-21T22:53:09",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:01.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1104 (GCVE-0-2020-1104)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:08",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1104"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1104",
"datePublished": "2020-05-21T22:53:08",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:01.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0901 (GCVE-0-2020-0901)
Vulnerability from cvelistv5
Published
2020-05-21 22:52
Modified
2024-08-04 06:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise for 64-bit Systems |
Version: unspecified |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:18:03.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft 365 Apps for Enterprise for 64-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2019 for Mac"
},
{
"status": "affected",
"version": "2016 for Mac"
}
]
},
{
"product": "Microsoft Excel",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Microsoft 365 Apps for Enterprise for 32-bit Systems",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:52:44",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "2016 for Mac"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \u0027Microsoft Excel Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0901",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-0901",
"datePublished": "2020-05-21T22:52:44",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:18:03.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1101 (GCVE-0-2020-1101)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2025-02-28 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:12:21.873962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:07:50.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:07.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1101",
"datePublished": "2020-05-21T22:53:07.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:07:50.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1106 (GCVE-0-2020-1106)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2025-02-28 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1106",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:32:39.674458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:32:51.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T14:06:05.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1106"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1106",
"datePublished": "2020-05-21T22:53:09.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:32:51.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1105 (GCVE-0-2020-1105)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1107.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-1104, CVE-2020-1107."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:08",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft SharePoint Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2020-1104, CVE-2020-1107."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1105",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1105",
"datePublished": "2020-05-21T22:53:09",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:01.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1024 (GCVE-0-2020-1024)
Vulnerability from cvelistv5
Published
2020-05-21 22:52
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:52:47",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \u0027Microsoft SharePoint Remote Code Execution Vulnerability\u0027. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1024"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1024",
"datePublished": "2020-05-21T22:52:47",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:00.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1069 (GCVE-0-2020-1069)
Vulnerability from cvelistv5
Published
2020-05-21 22:52
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka \u0027Microsoft SharePoint Server Remote Code Execution Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-25T22:06:11",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka \u0027Microsoft SharePoint Server Remote Code Execution Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1069"
},
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5147",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1069",
"datePublished": "2020-05-21T22:52:57",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:00.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1099 (GCVE-0-2020-1099)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2025-02-28 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:00.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1099"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-1099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-18T18:12:46.407318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:08:19.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:06.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \u0027Microsoft Office SharePoint XSS Vulnerability\u0027. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1099",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1099",
"datePublished": "2020-05-21T22:53:06.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:08:19.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1103 (GCVE-0-2020-1103)
Vulnerability from cvelistv5
Published
2020-05-21 22:53
Modified
2024-08-04 06:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server |
Version: 2016 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:25:01.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft SharePoint Enterprise Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
}
]
},
{
"product": "Microsoft SharePoint Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2019"
}
]
},
{
"product": "Microsoft SharePoint Foundation",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka \u0027Microsoft SharePoint Information Disclosure Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-21T22:53:07",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2020-1103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Enterprise Server",
"version": {
"version_data": [
{
"version_value": "2016"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint Foundation",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka \u0027Microsoft SharePoint Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1103"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1103",
"datePublished": "2020-05-21T22:53:08",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:25:01.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…