Vulnerability details: VCID-zy2q-8hz7-s7br
Vulnerability ID VCID-zy2q-8hz7-s7br
Aliases CVE-2020-1147
GHSA-g5vf-38cp-4px9
Summary A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
System Score Found at
cvssv3.1 7.8 http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
generic_textual HIGH http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
ssvc Attend http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
generic_textual HIGH http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
ssvc Attend http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
cvssv3.1 7.8 http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
generic_textual HIGH http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
ssvc Attend http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1147.json
epss 0.9343 https://api.first.org/data/v1/epss?cve=CVE-2020-1147
epss 0.93496 https://api.first.org/data/v1/epss?cve=CVE-2020-1147
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-g5vf-38cp-4px9
cvssv3.1 7.8 https://github.com/dotnet/announcements/issues/159
generic_textual HIGH https://github.com/dotnet/announcements/issues/159
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1147
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-1147
cvssv3.1 7.8 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
generic_textual HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
ssvc Attend https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
cvssv3.1 7.8 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1147
generic_textual HIGH https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1147
cvssv3.1 7.8 https://www.exploitalert.com/view-details.html?id=35992
generic_textual HIGH https://www.exploitalert.com/view-details.html?id=35992
ssvc Attend https://www.exploitalert.com/view-details.html?id=35992
Reference id Reference type URL
http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1147.json
https://api.first.org/data/v1/epss?cve=CVE-2020-1147
https://github.com/dotnet/announcements/issues/159
https://nvd.nist.gov/vuln/detail/CVE-2020-1147
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1147
https://www.exploitalert.com/view-details.html?id=35992
1856929 https://bugzilla.redhat.com/show_bug.cgi?id=1856929
CVE-2020-1147 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/aspx/webapps/48747.py
CVE-2020-1147 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/aspx/webapps/50151.py
GHSA-g5vf-38cp-4px9 https://github.com/advisories/GHSA-g5vf-38cp-4px9
RHSA-2020:2937 https://access.redhat.com/errata/RHSA-2020:2937
RHSA-2020:2938 https://access.redhat.com/errata/RHSA-2020:2938
RHSA-2020:2939 https://access.redhat.com/errata/RHSA-2020:2939
RHSA-2020:2954 https://access.redhat.com/errata/RHSA-2020:2954
RHSA-2020:2988 https://access.redhat.com/errata/RHSA-2020:2988
RHSA-2020:2989 https://access.redhat.com/errata/RHSA-2020:2989
Data source Metasploit
Description A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint is installed and configured. The vulnerability is related to a failure to validate the source of XML input data, leading to an unsafe deserialization operation that can be triggered from a page that initializes either the ContactLinksSuggestionsMicroView type or a derivative of it. In a default configuration, a Domain User account is sufficient to access SharePoint and exploit this vulnerability.
Note
Stability:
  - crash-safe
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date July 14, 2020
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/http/sharepoint_data_deserialization.rb
Data source KEV
Date added Nov. 3, 2021
Description Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.
Required action Apply updates per vendor instructions.
Due date May 3, 2022
Note
https://nvd.nist.gov/vuln/detail/CVE-2020-1147
Ransomware campaign use Unknown
Data source Exploit-DB
Date added July 23, 2021
Description Microsoft SharePoint Server 2019 - Remote Code Execution (2)
Ransomware campaign use Unknown
Source publication date July 23, 2021
Exploit type webapps
Platform aspx
Source update date July 23, 2021
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H Found at http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T19:25:47Z/ Found at http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H Found at http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T19:25:47Z/ Found at http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H Found at http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T19:25:47Z/ Found at http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1147.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H Found at https://github.com/dotnet/announcements/issues/159
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-1147
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T19:25:47Z/ Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H Found at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1147
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H Found at https://www.exploitalert.com/view-details.html?id=35992
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploitalert.com/view-details.html?id=35992
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T19:25:47Z/ Found at https://www.exploitalert.com/view-details.html?id=35992
Exploit Prediction Scoring System (EPSS)
Percentile 0.99815
EPSS Score 0.9343
Published At April 7, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:10:19.966579+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g5vf-38cp-4px9/GHSA-g5vf-38cp-4px9.json 38.0.0