Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-1499— Microsoft SharePoint Spoofing Vulnerability

EPSS 1.56% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-1499

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Microsoft SharePoint Spoofing Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft SharePoint 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft SharePoint是美国微软(Microsoft)公司的一套企业业务协作平台。该平台用于对业务信息进行整合,并能够共享工作、与他人协同工作、组织项目和工作组、搜索人员和信息。 Microsoft SharePoint中存在安全漏洞,该漏洞源于程序没有正确处理发往SharePoint服务器的请求。攻击者可借助特制请求利用该漏洞在当前用户的安全上下文中运行脚本。以下产品及版本受到影响:Microsoft SharePoint Enterprise Server 2013 SP1,Shar
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MicrosoftMicrosoft SharePoint Enterprise Server 2016 16.0.0 ~ publication cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
MicrosoftMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 15.0.0 ~ publication cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*
MicrosoftMicrosoft SharePoint Server 2019 16.0.0 ~ publication cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*
MicrosoftMicrosoft SharePoint Foundation 2010 Service Pack 2 13.0.0 ~ publication cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:foundation:*:*:*
MicrosoftMicrosoft SharePoint Foundation 2013 Service Pack 1 15.0.0 ~ publication cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*

II. Public POCs for CVE-2020-1499

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-1499

登录查看更多情报信息。

Same Patch Batch · Microsoft · 2020-08-17 · 121 CVEs total

CVE-2020-146710.0 CRITICALWindows Hard Link Elevation of Privilege Vulnerability
CVE-2020-15838.8 HIGHMicrosoft Word Information Disclosure Vulnerability
CVE-2020-15048.8 HIGHMicrosoft Excel Remote Code Execution Vulnerability
CVE-2020-15528.0 HIGHWindows Work Folder Service Elevation of Privilege Vulnerability
CVE-2020-15217.8 HIGHWindows Speech Runtime Elevation of Privilege Vulnerability
CVE-2020-15347.8 HIGHWindows Backup Service Elevation of Privilege Vulnerability
CVE-2020-15337.8 HIGHWindows WalletService Elevation of Privilege Vulnerability
CVE-2020-15317.8 HIGHWindows Accounts Control Elevation of Privilege Vulnerability
CVE-2020-15307.8 HIGHWindows Remote Access Elevation of Privilege Vulnerability
CVE-2020-15297.8 HIGHWindows GDI Elevation of Privilege Vulnerability
CVE-2020-15287.8 HIGHWindows Radio Manager API Elevation of Privilege Vulnerability
CVE-2020-15277.8 HIGHWindows Custom Protocol Engine Elevation of Privilege Vulnerability
CVE-2020-15267.8 HIGHWindows Network Connection Broker Elevation of Privilege Vulnerability
CVE-2020-15257.8 HIGHMedia Foundation Memory Corruption Vulnerability
CVE-2020-15247.8 HIGHWindows Speech Shell Components Elevation of Privilege Vulnerability
CVE-2020-15137.8 HIGHWindows CSC Service Elevation of Privilege Vulnerability
CVE-2020-15167.8 HIGHWindows Work Folders Service Elevation of Privilege Vulnerability
CVE-2020-15157.8 HIGHWindows Telephony Server Elevation of Privilege Vulnerability
CVE-2020-15177.8 HIGHWindows File Server Resource Management Service Elevation of Privilege Vulnerability
CVE-2020-15127.8 HIGHWindows State Repository Service Information Disclosure Vulnerability

Showing top 20 of 121 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Microsoft SharePoint Enterprise Server 2016
Same vendor: Microsoft

V. Comments for CVE-2020-1499

No comments yet

Leave a comment