← Retour aux CVEs
CVE-2020-1147
HIGHCISA KEV7.8
Description
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie7/14/2020
Derniere modification10/29/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurMicrosoft
Produit.NET Framework, SharePoint, Visual Studio
Nom vulnerabiliteMicrosoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown
Produits affectes
microsoft:.net_coremicrosoft:.net_frameworkmicrosoft:sharepoint_enterprise_servermicrosoft:sharepoint_servermicrosoft:visual_studio_2017microsoft:visual_studio_2019microsoft:windows_10microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019
References
http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html(secure@microsoft.com)
http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html(secure@microsoft.com)
http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147(secure@microsoft.com)
https://www.exploitalert.com/view-details.html?id=35992(secure@microsoft.com)
http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploitalert.com/view-details.html?id=35992(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1147(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.