CVE-2020-16951

🗓️ 16 Oct 2020 22:18:03Reported by microsoftType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 255 Views🌐 WEB

A remote code execution vulnerability in Microsoft SharePoin

Reporter	Title	Published	Views	Family All 26
ATTACKERKB	CVE-2020-16952 — Microsoft SharePoint Remote Code Execution Vulnerabilities	16 Oct 202000:00	–	attackerkb
CNVD	Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2020-57589)	19 Oct 202000:00	–	cnvd
Check Point Advisories	Microsoft SharePoint Server Remote Code Execution (CVE-2020-16951)	29 Dec 202000:00	–	checkpoint_advisories
Cvelist	CVE-2020-16951 Microsoft SharePoint Remote Code Execution Vulnerability	16 Oct 202022:18	–	cvelist
EUVD	EUVD-2020-8909	7 Oct 202500:30	–	euvd
Microsoft KB	Description of the security update for SharePoint Server 2019: October 13, 2020	13 Oct 202007:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Enterprise Server 2016: October 13, 2020	13 Oct 202007:00	–	mskb
Microsoft KB	Description of the security update for SharePoint Foundation 2013: October 13, 2020	13 Oct 202007:00	–	mskb
Kaspersky	KLA11976 Multiple vulnerabilites in Microsoft Office	13 Oct 202000:00	–	kaspersky
Microsoft CVE	Microsoft SharePoint Remote Code Execution Vulnerability	13 Oct 202007:00	–	mscve

NVD

Vulners

Node

microsoft sharepoint_enterprise_serverMatch2016

microsoft sharepoint_foundationMatch2013sp1

microsoft sharepoint_serverMatch2019

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Enterprise Server 2016",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Server 2019",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
    "cpes": [
      "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951

Parameter	Position	Path	Description	CWE
WebPartUrl	query param	_layouts/15/WebPartEditingSurface.aspx?WebPartUrl=http://target/poc.xml&Url=/_catalogs/masterpage/seattle.master	Exposed endpoint used to trigger WebPartEditingSurfacePage processing with attacker-controlled WebPartUrl and Url parameters.	CWE-346
Url	query param	_layouts/15/WebPartEditingSurface.aspx?WebPartUrl=http://target/poc.xml&Url=/_catalogs/masterpage/seattle.master	Exposed endpoint used to trigger WebPartEditingSurfacePage processing with attacker-controlled WebPartUrl and Url parameters.	CWE-346

23 Feb 2026 18:21Current

8.7High risk

Vulners AI Score8.7

CVSS 26.8

CVSS 3.17.8 - 8.6

EPSS0.01557