Sharepoint Enterprise Server Security Vulnerabilities and Issues — Sharepoint Enterprise Server CVE List

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit the vulnerability, an attacker would have...

6.5CVSS6.8AI score0.14182EPSS

cve•added 2020/10/16 11:15 p.m.•113 views

CVE-2020-16948

6.5CVSS6.8AI score0.15076EPSS

cve•added 2020/11/11 7:15 a.m.•102 views

CVE-2020-17017

Microsoft SharePoint Information Disclosure Vulnerability

6.8CVSS6.4AI score0.04048EPSS

cve•added 2019/09/11 10:15 p.m.•101 views

CVE-2019-1260

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

6.5CVSS7.2AI score0.11221EPSS

cve•added 2020/11/11 7:15 a.m.•94 views

CVE-2020-16979

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS5.2AI score0.04048EPSS

cve•added 2020/06/09 8:15 p.m.•93 views

CVE-2020-1323

An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'.

6.1CVSS6.5AI score0.014EPSS

cve•added 2020/09/11 5:15 p.m.•93 views

CVE-2020-1440

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.To exploit the vulnerability, an attacker would need to be authenticated on an affected Shar...

6.3CVSS7.2AI score0.01697EPSS

cve•added 2020/11/11 7:15 a.m.•93 views

CVE-2020-17015

Microsoft SharePoint Server Spoofing Vulnerability

6.5CVSS4.8AI score0.02613EPSS

cve•added 2020/05/21 11:15 p.m.•91 views

CVE-2020-1103

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a mal...

6.5CVSS6.4AI score0.08862EPSS

cve•added 2021/03/11 4:15 p.m.•90 views

CVE-2021-27052

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS5.3AI score0.08862EPSS

cve•added 2021/02/25 11:15 p.m.•86 views

CVE-2021-24071

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS5.7AI score0.08862EPSS

cve•added 2019/03/06 12:0 a.m.•84 views

CVE-2019-0670

A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'.

6.1CVSS7.4AI score0.00506EPSS

cve•added 2020/05/21 11:15 p.m.•84 views

CVE-2020-1106

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101...

6.1CVSS5.1AI score0.01851EPSS

cve•added 2019/11/12 7:15 p.m.•83 views

CVE-2019-1443

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The secu...

6.5CVSS5.8AI score0.15084EPSS

cve•added 2020/09/11 5:15 p.m.•83 views

CVE-2020-1482

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

6.3CVSS6.7AI score0.00438EPSS

cve•added 2018/01/10 1:29 a.m.•77 views

CVE-2018-0799

Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability".

6.1CVSS6.7AI score0.0081EPSS

cve•added 2019/10/10 2:15 p.m.•77 views

CVE-2019-1330

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.

6.5CVSS5.8AI score0.12558EPSS

cve•added 2019/05/16 7:29 p.m.•74 views

CVE-2019-0956

An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'.

6.5CVSS6.2AI score0.10464EPSS

cve•added 2025/08/12 6:15 p.m.•14 views

CVE-2025-53736

Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

6.8CVSS6.7AI score0.00046EPSS