CVE-2020-17118: 
vulnerability analysis and mitigation

Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-17118) is a critical security flaw discovered in 2020 affecting multiple versions of Microsoft SharePoint. The vulnerability affects Microsoft SharePoint Server 2019, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 Service Pack 1, and SharePoint Foundation 2010 Service Pack 2. This vulnerability was assigned a CVSS v3.1 base score of 9.8 (Critical) by NIST and 8.1 (High) by Microsoft (NVD).

The vulnerability is characterized by a remote code execution capability that can be exploited without requiring authentication. It has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H by NIST, indicating network accessibility, low attack complexity, and no privileges or user interaction required. Microsoft's assessment differs slightly with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N, suggesting user interaction may be required (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current user on affected SharePoint installations. Attackers could potentially install malicious programs, view, modify, or delete data, and create new accounts with full user rights (Bleeping Computer).

Microsoft has released security updates to address this vulnerability. The fixes are available through Microsoft Update platform and the Download Center for affected SharePoint versions. Organizations running vulnerable versions of SharePoint should apply the relevant security updates immediately (Bleeping Computer).