Security readout for executives and security teams
Plain-English summary
CVE-2020-17118 is a high-severity Microsoft SharePoint remote code execution issue. A successful attack could let an attacker run code on an affected SharePoint server, but the CVSS vector indicates user interaction is required. Microsoft published vendor guidance and a patch reference.
Executive priority
Treat this as a high-priority legacy SharePoint remediation item. It has high confidentiality and integrity impact, and Microsoft published patch guidance. Urgency is highest where affected SharePoint servers remain exposed to untrusted networks or support sensitive business workflows.
Technical view
The CVSS 3.1 vector is 8.1 high: network-accessible, low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality and integrity impact, and no availability impact. The affected products listed are SharePoint Foundation 2010 SP2, Foundation 2013 SP1, Enterprise Server 2016, and Server 2019.
Likely exposure
Exposure is most likely in organizations still operating the affected Microsoft SharePoint versions listed by the CVE bundle, especially internet-accessible or broadly reachable SharePoint deployments. The bundle does not identify affected cloud services or additional third-party products.
Exploitation context
The source bundle does not show CISA KEV listing or cited evidence of active exploitation. The CVSS exploitability metric is E:P, which indicates proof-of-concept maturity in the scoring data, but the provided sources do not include exploit details.
Researcher notes
Do not assume active exploitation from the provided bundle. Focus validation on product/version presence, Microsoft update applicability, and exposure path. The user-interaction requirement matters for risk modeling, but no source-provided exploit chain or workaround details are available here.
Mitigation direction
Apply Microsoft’s official security update or current vendor guidance for CVE-2020-17118.
Inventory SharePoint deployments for the affected product and version names.
Prioritize externally reachable SharePoint servers and high-value collaboration environments.
Check Microsoft guidance for exact update, supersedence, and support-status details.
Validation and detection
Confirm each SharePoint server product and version against the affected list.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
description · low confidence lookup
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
1ADP providers
3Source links
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.