8.8

CVE-2019-1295

A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftSharepoint Foundation Version2010 Updatesp2
MicrosoftSharepoint Foundation Version2013 Updatesp1
MicrosoftSharepoint Server Version2019
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.33% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1295
Patch
Vendor Advisory