Vulnerability Database

315,363

Total vulnerabilities in the database

CVE-2020-0989

An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and access files. The security update addresses the vulnerability by correcting the how Windows MDM Diagnostics handles files.

Published: Sep 11, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-0989
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
microsoft / windows_10	1709	1709.x
microsoft / windows_10	1803	1803.x
microsoft / windows_10	1809	1809.x
microsoft / windows_server_2016	1903	1903.x
microsoft / windows_10	1903	1903.x
microsoft / windows_server_2016	1909	1909.x
microsoft / windows_10	1909	1909.x
microsoft / windows_10	2004	2004.x
microsoft / windows_server_2016	2004	2004.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0989

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo