Multiple vulnerabilities in Microsoft SharePoint



Published: 2020-10-13
Risk High
Patch available YES
Number of vulnerabilities 8
CVE ID CVE-2020-16944
CVE-2020-16953
CVE-2020-16948
CVE-2020-16942
CVE-2020-16941
CVE-2020-16952
CVE-2020-16951
CVE-2020-16950
CWE ID CWE-79
CWE-125
CWE-200
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe
Microsoft SharePoint Server
Server applications / Application servers

Microsoft SharePoint Foundation
Server applications / Application servers

Vendor Microsoft

Security Advisory

1) Cross-site scripting

Risk: Low

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-16944

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SharePoint server. A remote authenticated attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2013, 2016, 2019

CPE External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16944

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

Risk: Low

CVSSv3: 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-16953

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling objects in memory within Microsoft SharePoint Server. A local user can create a specially crafted application and gain access to memory contents of an elevated process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2013, 2016, 2019

Microsoft SharePoint Foundation: 2010 Service Pack 2

CPE External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16953

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

Risk: Low

CVSSv3: 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-16948

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling objects in memory within Microsoft SharePoint Server. A local user can create a specially crafted application and gain access to memory contents of an elevated process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2013, 2016, 2019

Microsoft SharePoint Foundation: 2010 Service Pack 2

CPE External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16948

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

Risk: Low

CVSSv3: 3.6 [CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-16942

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. A local administrator can access to the specific SharePoint page and gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2013, 2016, 2019

Microsoft SharePoint Foundation: 2010 Service Pack 2

CPE External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

Risk: Low

CVSSv3: 3.6 [CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-16941

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. A local administrator can access to the specific SharePoint page and gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2013, 2016, 2019

Microsoft SharePoint Foundation: 2010 Service Pack 2

CPE External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

Risk: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-16952

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the Microsoft SharePoint fails to check the source markup of an application package. A remote attacker can upload a specially crafted SharePoint application package and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2013, 2016, 2019

CPE External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

Risk: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-16951

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the Microsoft SharePoint fails to check the source markup of an application package. A remote attacker can upload a specially crafted SharePoint application package and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2013, 2016, 2019

CPE External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

Risk: Low

CVSSv3: 4.4 [CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-16950

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling objects in memory within Microsoft SharePoint Server. A local user can create a specially crafted application and gain access to memory contents of an elevated process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Microsoft SharePoint Server: 2019

CPE External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16950

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.