CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-1147

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score34.1880%
EPSS Percentile91.73th
Published2020年7月14日
Last Modified2025年10月29日

Vulnerability Description

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Affected Platforms (CPE)

📦
Microsoft

.net Core

= 2.1
📦
Microsoft

.net Core

= 3.1
📦
Microsoft

.net Framework

= 2.0
📦
Microsoft

.net Framework

= 3.0
📦
Microsoft

.net Framework

= 3.5
📦
Microsoft

.net Framework

= 4.6.2
📦
Microsoft

.net Framework

= 4.7
📦
Microsoft

.net Framework

= 4.7.1
📦
Microsoft

.net Framework

= 4.7.2
📦
Microsoft

.net Framework

= 4.6
📦
Microsoft

.net Framework

= 4.6.1
📦
Microsoft

.net Framework

= 4.8
📦
Microsoft

.net Framework

= 3.5.1
📦
Microsoft

.net Framework

= 4.5.2
📦
Microsoft

Sharepoint Enterprise Server

= 2013
📦
Microsoft

Sharepoint Enterprise Server

= 2016
📦
Microsoft

Sharepoint Server

= 2010
📦
Microsoft

Sharepoint Server

= 2019
📦
Microsoft

Visual Studio 2017

>= 15.0 and <= 15.9
📦
Microsoft

Visual Studio 2019

>= 16.0 and <= 16.6

References & Advisories

🔗 http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
🔗 http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
🔗 http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
🔗 https://www.exploitalert.com/view-details.html?id=35992
🔗 http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
🔗 http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
🔗 http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html

関連する脆弱性情報

CVE-2017-102829.1

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0....

CVE-2019-25179.1

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Ea...

CVE-2020-262228.7

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, E...

CVE-2021-412388.6

Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or ...