What is CVE-2020-1200?

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

How severe is CVE-2020-1200?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2020-1200?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2020-1200

HIGH Year: 2020

CVSS v3 Score

8.6

High

CVSS v2 Score

7.5

High

Weakness Type

CWE-494

View all →

Vulnerability Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

CVE-2020-1452

HIGH

CVSS:8.6(High)

CWE-4942020

CVE-2020-1453

HIGH

CVSS:8.6(High)

CWE-4942020

CVE-2019-3801

HIGH

CVSS:8.7(High)

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could...

CWE-4942019

CVE-2025-4648

HIGH

CVSS:8.4(High)

Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit req...

CWE-4942025

CVE-2018-19234

HIGH

CVSS:8.8(High)

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update val...

CWE-4942018

CVE-2018-4009

HIGH

CVSS:8.8(High)

An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their ...

CWE-4942018

CVE-2020-1200

Vulnerability Description

Related Vulnerabilities

CVE-2020-1452

CVE-2020-1453

CVE-2019-3801

CVE-2025-4648

CVE-2018-19234

CVE-2018-4009