CyberSec.Space Logo
Back to CVE Browser

CVE-2020-1147

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score34.1880%
EPSS Percentile91.73th
PublishedJul 14, 2020
Last ModifiedOct 29, 2025

Vulnerability Description

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Affected Platforms (CPE)

πŸ“¦
Microsoft

.net Core

= 2.1
πŸ“¦
Microsoft

.net Core

= 3.1
πŸ“¦
Microsoft

.net Framework

= 2.0
πŸ“¦
Microsoft

.net Framework

= 3.0
πŸ“¦
Microsoft

.net Framework

= 3.5
πŸ“¦
Microsoft

.net Framework

= 4.6.2
πŸ“¦
Microsoft

.net Framework

= 4.7
πŸ“¦
Microsoft

.net Framework

= 4.7.1
πŸ“¦
Microsoft

.net Framework

= 4.7.2
πŸ“¦
Microsoft

.net Framework

= 4.6
πŸ“¦
Microsoft

.net Framework

= 4.6.1
πŸ“¦
Microsoft

.net Framework

= 4.8
πŸ“¦
Microsoft

.net Framework

= 3.5.1
πŸ“¦
Microsoft

.net Framework

= 4.5.2
πŸ“¦
Microsoft

Sharepoint Enterprise Server

= 2013
πŸ“¦
Microsoft

Sharepoint Enterprise Server

= 2016
πŸ“¦
Microsoft

Sharepoint Server

= 2010
πŸ“¦
Microsoft

Sharepoint Server

= 2019
πŸ“¦
Microsoft

Visual Studio 2017

>= 15.0 and <= 15.9
πŸ“¦
Microsoft

Visual Studio 2019

>= 16.0 and <= 16.6

References & Advisories

πŸ”— http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
πŸ”— http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
πŸ”— http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
πŸ”— https://www.exploitalert.com/view-details.html?id=35992
πŸ”— http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
πŸ”— http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
πŸ”— http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html

Related Vulnerabilities

CVE-2017-102829.1

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0....

CVE-2019-25179.1

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Ea...

CVE-2020-262228.7

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, E...

CVE-2021-412388.6

Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or ...