Description
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Microsoft / Microsoft SharePoint Enterprise Server2016 – 2016
- Microsoft / Microsoft SharePoint Foundation2013 Service Pack 1 – 2013 Service Pack 1
- Microsoft / Microsoft SharePoint Server2010 Service Pack 2 – 2010 Service Pack 2
- Microsoft / Microsoft SharePoint Server2019 – 2019
Exploits & proofs of concept
- nucleiMicrosoft SharePoint - Remote Code Executionby tree-chtsec,pszyszkowski