9.8
CVE-2019-0604
- EPSS 94.41%
- Published 05.03.2019 23:29:00
- Last modified 04.04.2025 15:33:58
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Sharepoint Enterprise Server Version2016
Microsoft ≫ Sharepoint Foundation Version2013 Updatesp1
Microsoft ≫ Sharepoint Server Version2010 Updatesp2
Microsoft ≫ Sharepoint Server Version2019
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft SharePoint Remote Code Execution Vulnerability
VulnerabilityMicrosoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.41% | 1 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.