CVE-2020-0929: 
vulnerability analysis and mitigation

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package (CVE-2020-0929). The vulnerability affects multiple versions of SharePoint including SharePoint Enterprise Server 2016, SharePoint Foundation 2010 SP2, SharePoint Foundation 2013 SP1, and SharePoint Server 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The CVSS v2.0 base score is 6.5 (MEDIUM) with vector (AV:N/AC:L/Au:S/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the SharePoint application pool and SharePoint server farm account. The vulnerability affects the confidentiality, integrity, and availability of the system, as indicated by the CVSS scoring (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For SharePoint Server 2019, the security update KB4484292 should be applied (Microsoft Support).