CVE-2019-0604
published 2019-03-05CVE-2019-0604: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sharepoint_enterprise_server | — | — |
| microsoft | microsoft_sharepoint_foundation | — | — |
| microsoft | microsoft_sharepoint_server | — | — |
| microsoft | microsoft_sharepoint_server | — | — |
| microsoft | sharepoint_enterprise_server | — | — |
| microsoft | sharepoint_foundation | — | — |
| microsoft | sharepoint_server | — | — |
| microsoft | sharepoint_server | — | — |
| msrc | microsoft_sharepoint_enterprise_server_2016 | — | — |
| msrc | microsoft_sharepoint_foundation_2010_service_pack_2 | — | — |
| msrc | microsoft_sharepoint_foundation_2013_service_pack_1 | — | — |
| msrc | microsoft_sharepoint_server_2010_service_pack_2 | — | — |
| msrc | microsoft_sharepoint_server_2013_service_pack_1 | — | — |
| msrc | microsoft_sharepoint_server_2019 | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
cisa9.8CRITICAL