CVE-2020-1147

high

Description

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

References

https://www.exploitalert.com/view-details.html?id=35992

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147

http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html

http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html

http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html

Details

Source: Mitre, NVD

Published: 2020-07-14

Updated: 2025-02-11

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.92846