CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-1210

CVSS 9.9v3.1pub. 2020-09-11upd. 2026-02-23

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Microsoft Sharepoint Enterprise Server

    APP
    Microsoft
    20132016
  • Microsoft Sharepoint Foundation

    APP
    Microsoft
    20102013
  • Microsoft SharePoint Server

    APP
    Microsoft
    2019
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-20963CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server

CVE-2025-53770CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserialization w Microsoft SharePoint Server (on-premises)

CVE-2023-29357CRITICAL9.8⚠ KEVten sam produkt

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVE-2019-0604CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the sour...

CVE-2024-33879CRITICAL9.8PL ✓ten sam produkt

Path traversal w Virto Bulk File Download dla SharePoint — pobieranie i usuwanie plików