How severe is CVE-2020-1205?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2020-1205?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2020-1205

MEDIUM Year: 2020

CVSS v3 Score

4.6

Medium

CVSS v2 Score

4.9

Medium

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.

CVE-2015-7566

MEDIUM

CVSS:4.6(Medium)

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash...

NVD-CWE-Other2015

CVE-2015-8324

MEDIUM

CVSS:4.6(Medium)

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of servic...

NVD-CWE-Other2015

CVE-2016-1851

MEDIUM

CVSS:4.6(Medium)

The Screen Lock feature in Apple OS X before 10.11.5 mishandles password profiles, which allows physically proximate attackers to reset expired passwords in the lock-screen state via unspecified vecto...

NVD-CWE-Other2016

CVE-2016-2184

MEDIUM

CVSS:4.6(Medium)

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL point...

NVD-CWE-Other2016

CVE-2016-2185

MEDIUM

CVSS:4.6(Medium)

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and sys...

NVD-CWE-Other2016

CVE-2016-2186

MEDIUM

CVSS:4.6(Medium)

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system ...

NVD-CWE-Other2016

CVE-2020-1205

Vulnerability Description

Related Vulnerabilities

CVE-2015-7566

CVE-2015-8324

CVE-2016-1851

CVE-2016-2184

CVE-2016-2185

CVE-2016-2186