Vulnerability-Lookup

CVE-2020-16942 (GCVE-0-2020-16942)

Vulnerability from cvelistv5 – Published: 2020-10-16 22:17 – Updated: 2024-08-04 13:45

Title

Microsoft SharePoint Information Disclosure Vulnerability

Summary

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability. The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.

Severity ?

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE

Information Disclosure

Assigner

microsoft

References

URL

GSD-2020-16942

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.

Aliases

CVE-2020-16942

Aliases

CVE-2020-16942

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-16942",
    "description": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \u0027Microsoft SharePoint Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.",
    "id": "GSD-2020-16942"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-16942"
      ],
      "details": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \u0027Microsoft SharePoint Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.",
      "id": "GSD-2020-16942",
      "modified": "2023-12-13T01:21:46.258569Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2020-16942",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft SharePoint Enterprise Server 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SharePoint Server 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SharePoint Foundation 2010 Service Pack 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "13.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft SharePoint Foundation 2013 Service Pack 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\u003cp\u003eAn information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.\u003c/p\u003e\n\u003cp\u003eTo take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.\u003c/p\u003e\n"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
                    "matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*",
                    "matchCriteriaId": "F71184B1-7461-4A05-A5D2-03D9EDDC30D5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "\u003cp\u003eAn information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.\u003c/p\u003e\n\u003cp\u003eTo take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.\u003c/p\u003e\n"
          },
          {
            "lang": "es",
            "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft SharePoint Server divulga inapropiadamente su estructura de carpetas al renderizar p\u00e1ginas web espec\u00edficas, tambi\u00e9n se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\".\u0026#xa0;Este ID de CVE es diferente de CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953"
          }
        ],
        "id": "CVE-2020-16942",
        "lastModified": "2023-12-31T20:15:55.967",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "LOW",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 2.1,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 0.5,
              "impactScore": 3.6,
              "source": "secure@microsoft.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 0.8,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2020-10-16T23:15:15.820",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

GHSA-HHW5-X523-G8HV

Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2023-12-31 21:30

Details

Severity ?

4.1 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-16942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-16T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka \u0027Microsoft SharePoint Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953.",
  "id": "GHSA-hhw5-x523-g8hv",
  "modified": "2023-12-31T21:30:23Z",
  "published": "2022-05-24T17:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16942"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2020-63720

Vulnerability from cnvd - Published: 2020-11-17

Title

Microsoft SharePoint Server信息泄露漏洞（CNVD-2020-63720）

Description

Microsoft SharePoint是美国微软（Microsoft）公司的一套企业业务协作平台。该平台用于对业务信息进行整合，并能够共享工作、与他人协同工作、组织项目和工作组、搜索人员和信息。 Microsoft SharePoint Server存在安全漏洞，该漏洞源于在呈现特定网页时未能正确地披露其文件夹结构时，攻击者可利用该漏洞可以查看页面上加载的脚本的文件夹路径。

Severity

低

Patch Name

Microsoft SharePoint Server信息泄露漏洞（CNVD-2020-63720）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.microsoft.com/en-us/help/4486676/security-update-for-sharepoint-server-2019-october-13-2020

Reference

https://support.microsoft.com/en-us/help/4486676/security-update-for-sharepoint-server-2019-october-13-2020

Impacted products

Name
['Microsoft SharePoint Foundation 2010 SP2', 'Microsoft SharePoint Foundation 2013 SP1', 'Microsoft SharePoint Enterprise Server 2016', 'Microsoft SharePoint Server 2019']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-16942",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-16942"
    }
  },
  "description": "Microsoft SharePoint\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u5bf9\u4e1a\u52a1\u4fe1\u606f\u8fdb\u884c\u6574\u5408\uff0c\u5e76\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u3001\u4e0e\u4ed6\u4eba\u534f\u540c\u5de5\u4f5c\u3001\u7ec4\u7ec7\u9879\u76ee\u548c\u5de5\u4f5c\u7ec4\u3001\u641c\u7d22\u4eba\u5458\u548c\u4fe1\u606f\u3002\n\nMicrosoft SharePoint Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5448\u73b0\u7279\u5b9a\u7f51\u9875\u65f6\u672a\u80fd\u6b63\u786e\u5730\u62ab\u9732\u5176\u6587\u4ef6\u5939\u7ed3\u6784\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u67e5\u770b\u9875\u9762\u4e0a\u52a0\u8f7d\u7684\u811a\u672c\u7684\u6587\u4ef6\u5939\u8def\u5f84\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.microsoft.com/en-us/help/4486676/security-update-for-sharepoint-server-2019-october-13-2020",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-63720",
  "openTime": "2020-11-17",
  "patchDescription": "Microsoft SharePoint\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u4e1a\u52a1\u534f\u4f5c\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u5bf9\u4e1a\u52a1\u4fe1\u606f\u8fdb\u884c\u6574\u5408\uff0c\u5e76\u80fd\u591f\u5171\u4eab\u5de5\u4f5c\u3001\u4e0e\u4ed6\u4eba\u534f\u540c\u5de5\u4f5c\u3001\u7ec4\u7ec7\u9879\u76ee\u548c\u5de5\u4f5c\u7ec4\u3001\u641c\u7d22\u4eba\u5458\u548c\u4fe1\u606f\u3002\r\n\r\nMicrosoft SharePoint Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5448\u73b0\u7279\u5b9a\u7f51\u9875\u65f6\u672a\u80fd\u6b63\u786e\u5730\u62ab\u9732\u5176\u6587\u4ef6\u5939\u7ed3\u6784\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u67e5\u770b\u9875\u9762\u4e0a\u52a0\u8f7d\u7684\u811a\u672c\u7684\u6587\u4ef6\u5939\u8def\u5f84\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft SharePoint Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-63720\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft SharePoint Foundation 2010 SP2",
      "Microsoft SharePoint Foundation 2013 SP1",
      "Microsoft SharePoint Enterprise Server 2016",
      "Microsoft SharePoint Server 2019"
    ]
  },
  "referenceLink": "https://support.microsoft.com/en-us/help/4486676/security-update-for-sharepoint-server-2019-october-13-2020",
  "serverity": "\u4f4e",
  "submitTime": "2020-10-30",
  "title": "Microsoft SharePoint Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-63720\uff09"
}

FKIE_CVE-2020-16942

Vulnerability from fkie_nvd - Published: 2020-10-16 23:15 - Updated: 2026-02-23 18:21

Severity ?

4.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	sharepoint_enterprise_server	2016
microsoft	sharepoint_foundation	2010
microsoft	sharepoint_foundation	2013
microsoft	sharepoint_server	2019

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C082CC4-6128-475D-BC19-B239E348FDB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "81443CAD-F47E-4FD1-8E0E-8D646C90E4E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F71184B1-7461-4A05-A5D2-03D9EDDC30D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
              "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\u003cp\u003eAn information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.\u003c/p\u003e\n\u003cp\u003eTo take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.\u003c/p\u003e\n\u003cp\u003eThe security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.\u003c/p\u003e"
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Microsoft SharePoint Server divulga inapropiadamente su estructura de carpetas al renderizar p\u00e1ginas web espec\u00edficas, tambi\u00e9n se conoce como \"Microsoft SharePoint Information Disclosure Vulnerability\".\u0026#xa0;Este ID de CVE es diferente de CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953"
    }
  ],
  "id": "CVE-2020-16942",
  "lastModified": "2026-02-23T18:21:28.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-16T23:15:15.820",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-16942

Vulnerability from fstec - Published: 13.10.2020

Title

Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость пакетов программ Microsoft SharePoint Server, Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Vendor

Microsoft Corp

Software Name

Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019

Software Version

2013 SP1 (Microsoft SharePoint Foundation), 2010 SP2 (Microsoft SharePoint Foundation), - (Microsoft SharePoint Enterprise Server 2016), - (Microsoft SharePoint Server 2019)

Possible Mitigations

Использование рекомендаций: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2013 SP1 (Microsoft SharePoint Foundation), 2010 SP2 (Microsoft SharePoint Foundation), - (Microsoft SharePoint Enterprise Server 2016), - (Microsoft SharePoint Server 2019)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.10.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.10.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.10.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-04813",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-16942",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft SharePoint Server, Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c Microsoft SharePoint Server, Microsoft SharePoint Foundation, Microsoft SharePoint Enterprise Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16942",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,1)"
}

CERTFR-2020-AVI-633

Vulnerability from certfr_avis - Published: 2020-10-14 - Updated: 2020-10-14

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, un déni de service, une usurpation d'identité, un contournement de la fonctionnalité de sécurité et une exécution de code à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Outlook 2016 (édition 32 bits)
Microsoft	Office	Microsoft Word 2016 (édition 32 bits)
Microsoft	Office	Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft	Office	Microsoft Excel 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2019 pour éditions 32 bits
Microsoft	Office	Microsoft Office 2019 pour Mac
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2013 Click-to-Run (C2R) pour éditions 32 bits
Microsoft	Office	Microsoft Office 2019 pour éditions 64 bits
Microsoft	Office	Microsoft Word 2016 (édition 64 bits)
Microsoft	Office	Microsoft Office 2016 pour Mac
Microsoft	Office	Microsoft Office Web Apps 2013 Service Pack 1
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft Word 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office 2013 RT Service Pack 1
Microsoft	Office	Microsoft Office 2013 Click-to-Run (C2R) pour éditions 64 bits
Microsoft	Office	Microsoft Excel 2016 (édition 32 bits)
Microsoft	Office	Microsoft Outlook 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Excel 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft Office Online Server
Microsoft	Office	Microsoft Excel Web App 2010 Service Pack 2
Microsoft	Office	Microsoft SharePoint Enterprise Server 2016
Microsoft	Office	Microsoft Office 2016 (édition 64 bits)
Microsoft	Office	Microsoft Outlook 2016 (édition 64 bits)
Microsoft	Office	Microsoft Excel 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft Word 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Office	Microsoft Word 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft Word 2013 RT Service Pack 1
Microsoft	Office	Microsoft Outlook 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Office Web Apps 2010 Service Pack 2
Microsoft	Office	Microsoft Excel 2016 (édition 64 bits)
Microsoft	Office	Microsoft Office 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Outlook 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Office	Microsoft Word 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Office	Microsoft Office 2016 (édition 32 bits)
Microsoft	Office	Microsoft SharePoint Server 2019
Microsoft	Office	Microsoft SharePoint Server 2010 Service Pack 2
Microsoft	Office	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft	Office	Microsoft Office 2013 Service Pack 1 (éditions 32 bits)
Microsoft	Office	Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft	Office	Microsoft Outlook 2013 RT Service Pack 1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 13 octobre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Click-to-Run (C2R) pour \u00e9ditions 32 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2019 pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 pour Mac",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Click-to-Run (C2R) pour \u00e9ditions 64 bits",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Online Server",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel Web App 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office Web Apps 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2010 Service Pack 2 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Word 2010 Service Pack 2 (\u00e9ditions 64 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Foundation 2010 Service Pack 2",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Outlook 2013 RT Service Pack 1",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-16952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16952"
    },
    {
      "name": "CVE-2020-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16942"
    },
    {
      "name": "CVE-2020-16953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16953"
    },
    {
      "name": "CVE-2020-16941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16941"
    },
    {
      "name": "CVE-2020-16945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16945"
    },
    {
      "name": "CVE-2020-16957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16957"
    },
    {
      "name": "CVE-2020-16930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16930"
    },
    {
      "name": "CVE-2020-16934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16934"
    },
    {
      "name": "CVE-2020-16948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16948"
    },
    {
      "name": "CVE-2020-16954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16954"
    },
    {
      "name": "CVE-2020-16944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16944"
    },
    {
      "name": "CVE-2020-16929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16929"
    },
    {
      "name": "CVE-2020-16950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16950"
    },
    {
      "name": "CVE-2020-16946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16946"
    },
    {
      "name": "CVE-2020-16947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16947"
    },
    {
      "name": "CVE-2020-16949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16949"
    },
    {
      "name": "CVE-2020-16955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16955"
    },
    {
      "name": "CVE-2020-16933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16933"
    },
    {
      "name": "CVE-2020-16928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16928"
    },
    {
      "name": "CVE-2020-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16932"
    },
    {
      "name": "CVE-2020-16951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16951"
    },
    {
      "name": "CVE-2020-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16931"
    }
  ],
  "initial_release_date": "2020-10-14T00:00:00",
  "last_revision_date": "2020-10-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-633",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-10-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Office\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service, une usurpation\nd\u0027identit\u00e9, un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9 et une\nex\u00e9cution de code \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 octobre 2020",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-16942 (GCVE-0-2020-16942)

GSD-2020-16942

GHSA-HHW5-X523-G8HV

CNVD-2020-63720

FKIE_CVE-2020-16942

CVE-2020-16942

CERTFR-2020-AVI-633

Solution

Tags

Sightings

Nomenclature