
Microsoft SharePoint - Remote Code Execution (CVE-2019-0604)

Severity
CVSSv3 Score: 9.8
Exploitable with Sniper: Yes

Vulnerability description

Microsoft SharePoint is affected by a Remote Code Execution vulnerability. The root cause is a lack of input validation when checking the source markup of an application package.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Risk description

A remote unauthenticated attacker could execute arbitrary code via specially crafted HTTP POST requests and thereby compromise the target system.

Recommendation

Apply the latest Windows security updates and install the hotfixes for Microsoft SharePoint, which will install the latest patches.

Detectable with: Network Scanner
Vuln date: Mar 2019
Published at
Updated at
Software Type: Collaboration software
Vendor: Microsoft
Product: SharePoint
Codename: Not available