Microsoft SharePoint - Remote Code Execution (CVE-2019-0604)
- Severity
- CVSSv3 Score
- 9.8
- Exploitable with Sniper
- Yes
- Vulnerability description
Microsoft SharePoint is affected by a Remote Code Execution vulnerability. The root cause is a lack of input validation when checking the source markup of an application package.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Risk description
A remote unauthenticated attacker could execute arbitrary code via specially crafted HTTP POST requests and thereby compromise the target system.
- Recommendation
Apply the latest Windows security updates and install the hotfixes for Microsoft SharePoint so that the latest patches are in place.
- References
https://nvd.nist.gov/vuln/detail/cve-2019-0604
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0604
- Detectable with
- Network Scanner
- Vuln date
- Mar 2019
- Published at
- Updated at
- Software Type
- Collaboration software
- Vendor
- Microsoft
- Product
- SharePoint
- Codename
- Not available