CVE-2020-16941 Vulnerability Details

  /     /     /  

CVE-2020-16941 Metadata Quick Info

CVE Published: 16/10/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: microsoft | Vendor: Microsoft | Product: Microsoft SharePoint Enterprise Server 2016
Status : PUBLISHED

---

CVE-2020-16941 Description

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.

To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.

The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.

Metrics

CVSS Version: 3.1 | Base Score: 4.1 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Information Disclosure
Source: Microsoft

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).