CVE-2020-16950 - OpenCVE

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Sharepoint Server

Configuration 1 [-]

cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16950

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2020-10-16T22:18:02

Updated: 2024-08-04T13:45:34.745Z

Reserved: 2020-08-04T00:00:00

Link: CVE-2020-16950

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-16T23:15:16.227

Modified: 2023-12-31T20:15:57.550

Link: CVE-2020-16950

Redhat

No data.

{"containers": {"cna": {"title": "Microsoft SharePoint Information Disclosure Vulnerability", "datePublic": "2020-10-13T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "cpes": ["cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>\n", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2023-12-31T19:20:21.132Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16950"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:45:34.745Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16950"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-16950", "datePublished": "2020-10-16T22:18:02", "dateReserved": "2020-08-04T00:00:00", "dateUpdated": "2024-08-04T13:45:34.745Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.</p>\n<p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>\n"}, {"lang": "es", "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft SharePoint Server presenta un fallo al manejar apropiadamente objetos en memoria, tambi\u00e9n se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\". Esta ID de CVE es diferente de CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16953"}], "id": "CVE-2020-16950", "lastModified": "2023-12-31T20:15:57.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2020-10-16T23:15:16.227", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16950"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}