How severe is CVE-2020-1595?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Is CVE-2020-1595 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Sharepoint Enterprise Server 2013 Service Pack 1

CVE-2020-1595

<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Sh…

EPSS: 0.005 (67.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C.

Affected products

Microsoft Sharepoint Enterprise Server 2013 Service Pack 1 — versions 15.0.0
Microsoft Sharepoint Enterprise Server 2016 — versions 16.0.0
Microsoft Sharepoint Foundation 2013 Service Pack 1 — versions 15.0.0
Microsoft Sharepoint Server 2019 — versions 16.0.0

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-1595?: CVE-2020-1595 is a critical-severity vulnerability in Microsoft Sharepoint Enterprise Server 2013 Service Pack 1. CVSS score: 9.9/10. Published 2020-09-11.
How severe is CVE-2020-1595?: Critical severity. CVSS v3 base score is 9.9 out of 10.
Is CVE-2020-1595 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.