CVE-2019-0604
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft SharePoint Server | 2010 Service Pack 2 | affected |
| Microsoft | Microsoft SharePoint Server | 2019 | affected |
| Microsoft | Microsoft SharePoint Foundation | 2013 Service Pack 1 | affected |
| Microsoft | Microsoft SharePoint Enterprise Server | 2016 | affected |
Weaknesses
- Remote Code Execution
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/106914
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- http://www.securityfocus.com/bid/106914
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.