CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-1595

CVSS 9.9v3.1pub. 2020-09-11upd. 2026-02-23

<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p> <p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p>

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Microsoft Sharepoint Enterprise Server

    APP
    Microsoft
    20132016
  • Microsoft Sharepoint Foundation

    APP
    Microsoft
    2013
  • Microsoft SharePoint Server

    APP
    Microsoft
    2019
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEDeserialization
CWE
References

Related vulnerabilities

CVE-2026-20963CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server

CVE-2025-53770CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE przez deserialization w Microsoft SharePoint Server (on-premises)

CVE-2023-29357CRITICAL9.8⚠ KEVten sam produkt

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVE-2019-0604CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the sour...

CVE-2024-33879CRITICAL9.8PL ✓ten sam produkt

Path traversal w Virto Bulk File Download dla SharePoint — pobieranie i usuwanie plików