9.8
CVE-2019-0604
- EPSS 94.41%
- Veröffentlicht 05.03.2019 23:29:00
- Zuletzt bearbeitet 04.04.2025 15:33:58
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Enterprise Server Version2016
Microsoft ≫ Sharepoint Foundation Version2013 Updatesp1
Microsoft ≫ Sharepoint Server Version2010 Updatesp2
Microsoft ≫ Sharepoint Server Version2019
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft SharePoint Remote Code Execution Vulnerability
SchwachstelleMicrosoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.41% | 1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.