How severe is CVE-2020-16952?

High severity. CVSS v3 base score is 8.6 out of 10.

Is CVE-2020-16952 known to be exploited?

18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Sharepoint Enterprise Server 2016

CVE-2020-16952

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the…

EPSS: 0.751 (98.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C.

Affected products

Microsoft Sharepoint Enterprise Server 2016 — versions 16.0.0
Microsoft Sharepoint Foundation 2013 Service Pack 1 — versions 15.0.0
Microsoft Sharepoint Server 2019 — versions 16.0.0

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 (x_refsource_MISC)
packetstormsecurity.com/files/159612/Microsoft-SharePoint-SSI-ViewState-Remote-… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-16952?: CVE-2020-16952 is a high-severity vulnerability in Microsoft Sharepoint Enterprise Server 2016. CVSS score: 8.6/10. Published 2020-10-16.
How severe is CVE-2020-16952?: High severity. CVSS v3 base score is 8.6 out of 10.
Is CVE-2020-16952 known to be exploited?: 18 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.