How severe is CVE-2020-1460?

High severity. CVSS v3 base score is 8.6 out of 10.

Is CVE-2020-1460 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Sharepoint Enterprise Server 2013 Service Pack 1

CVE-2020-1460

<p>A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a sp…

EPSS: 0.048 (89.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C.

Affected products

Microsoft Sharepoint Enterprise Server 2013 Service Pack 1 — versions 15.0.0
Microsoft Sharepoint Enterprise Server 2016 — versions 16.0.0
Microsoft Sharepoint Foundation 2010 Service Pack 2 — versions 13.0.0
Microsoft Sharepoint Foundation 2013 Service Pack 1 — versions 15.0.0
Microsoft Sharepoint Server 2019 — versions 16.0.0

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1460 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-1460?: CVE-2020-1460 is a high-severity vulnerability in Microsoft Sharepoint Enterprise Server 2013 Service Pack 1. CVSS score: 8.6/10. Published 2020-09-11.
How severe is CVE-2020-1460?: High severity. CVSS v3 base score is 8.6 out of 10.
Is CVE-2020-1460 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.