{"containers": {"cna": {"title": "Microsoft SharePoint Information Disclosure Vulnerability", "datePublic": "2020-08-11T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016", "cpes": ["cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "cpes": ["cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Foundation 2013 Service Pack 1", "cpes": ["cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2010 Service Pack 2", "cpes": ["cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "13.0.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.\n", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T16:33:05.436Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:39:10.367Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1505", "datePublished": "2020-08-17T19:13:19", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:39:10.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*", "matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "F71184B1-7461-4A05-A5D2-03D9EDDC30D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.\nThe security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.\n"}, {"lang": "es", "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el Microsoft SharePoint Server presenta un fallo al manejar apropiadamente objetos en memoria, tambi\u00e9n se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\"'."}], "id": "CVE-2020-1505", "lastModified": "2024-11-21T05:10:42.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2020-08-17T19:15:16.943", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1505"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}