CVE-2020-16941

CVE Database · CVE-2020-16941

CVE-2020-16941

· MEDIUMModified

CVSS v3.1

4.1

EPSS

0.88%

Published

Oct 16, 2020

Modified

Feb 23, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability. The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected Products (4)

microsoft · sharepoint_enterprise_servervulnerable

microsoft · sharepoint_foundationvulnerable

microsoft · sharepoint_servervulnerable

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16941

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs