A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0604.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

www.securityfocus.com/bid/106866

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0594

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594

prion 2

cve 2

mskb 8

attackerkb 1

nessus 2

zdi 2

malwarebytes 1

checkpoint_advisories 1

hackerone 2

cisa_kev 1

mscve 2

thn 4

threatpost 6

githubexploit 3

zdt 1

saint 3

symantec 2

trendmicroblog 1

fireeye 1

ics 3

qualysblog 6

mmpc 3

mssecure 5

krebs 1

kaspersky 1

securelist 2

talosblog 1

prion

Remote code execution

2019-03-05 23:29:00

Remote code execution

2019-03-05 23:29:00

cve

CVE-2019-0594

2019-03-05 23:29:00

CVE-2019-0604

2019-03-05 23:29:00

mskb

Description of the security update for SharePoint Foundation 2010: February 12, 2019

2019-02-12 08:00:00

Description of the security update for SharePoint Server 2019: February 12, 2019

2019-02-12 08:00:00

Description of the security update for SharePoint Foundation 2013: February 12, 2019

2019-02-12 08:00:00

attackerkb

CVE-2019-0604

2019-03-05 00:00:00

nessus

Security Updates for Microsoft Sharepoint Server (February 2019)

2019-02-14 00:00:00

Security Updates for Microsoft Sharepoint Server (March 2019)

2019-03-14 00:00:00

zdi

Microsoft SharePoint EntityInstanceIdEncoder Deserialization of Untrusted Data Remote Code Execution Vulnerability

2019-02-12 00:00:00

Microsoft SharePoint BDC Import Deserialization of Untrusted Data Remote Code Execution Vulnerability

2019-02-12 00:00:00

malwarebytes

A week in security (May 13 – 19)

2019-05-20 15:57:29

checkpoint_advisories

Microsoft SharePoint Remote Code Execution (CVE-2019-0604)

2019-03-20 00:00:00

hackerone

U.S. Dept Of Defense: Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604)

2019-04-10 19:54:33

Starbucks: Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604)

2019-04-11 20:27:05

cisa_kev

Microsoft SharePoint Remote Code Execution Vulnerability

2021-11-03 00:00:00

mscve

Microsoft SharePoint Remote Code Execution Vulnerability

2019-02-12 08:00:00

Microsoft SharePoint Remote Code Execution Vulnerability

2019-02-12 08:00:00

thn

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

2019-02-12 19:32:00

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

2022-09-10 09:43:00

Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel

2021-08-10 13:19:00

threatpost

FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug

2019-05-10 21:29:27

U.N. Hack Stemmed From Microsoft SharePoint Flaw

2020-01-30 16:02:58

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

2021-04-28 19:00:55

githubexploit

Exploit for Improper Input Validation in Microsoft

2019-12-10 02:39:57

Exploit for Improper Input Validation in Microsoft

2021-04-22 12:11:22

Exploit for Improper Input Validation in Microsoft

2019-06-26 15:00:29

zdt

Microsoft SharePoint - Deserialization Remote Code Execution Exploit

2020-02-11 00:00:00

saint

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

symantec

Microsoft SharePoint Server CVE-2019-0594 Remote Code Execution Vulnerability

2019-02-12 00:00:00

Microsoft SharePoint Server CVE-2019-0604 Remote Code Execution Vulnerability

2019-02-12 00:00:00

trendmicroblog

Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability

2021-04-27 00:00:00

fireeye

UNC215: Spotlight on a Chinese Espionage Campaign in Israel

2021-08-10 15:00:00

ics

Iranian State Actors Conduct Cyber Operations Against the Government of Albania

2022-09-23 12:00:00

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

Top Routinely Exploited Vulnerabilities

2021-08-20 12:00:00

qualysblog

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

2019-02-12 19:46:37

Unpacking the CVEs in the FireEye Breach – Start Here First

2021-02-01 20:40:25

Qualys Security Advisory: SolarWinds / FireEye

2020-12-22 21:17:31

mmpc

Microsoft investigates Iranian attacks against the Albanian government

2022-09-08 15:00:00

Zerologon is now detected by Microsoft Defender for Identity

2020-11-30 17:00:20

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

2022-05-09 13:00:00

mssecure

Ghost in the shell: Investigating web shell attacks

2020-02-04 17:30:40

Microsoft investigates Iranian attacks against the Albanian government

2022-09-08 15:00:00

Zerologon is now detected by Microsoft Defender for Identity

2020-11-30 17:00:20

krebs

Microsoft Patch Tuesday, Sept. 2020 Edition

2020-09-08 21:33:26

kaspersky

KLA11417 Multiple vulnerabilities in Microsoft Office

2019-02-12 00:00:00

securelist

APT trends report Q2 2019

2019-08-01 10:00:05

Incident Response Analyst Report 2019

2020-08-06 10:00:34

talosblog

Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage

2019-02-12 11:55:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.971 High

EPSS

Percentile

99.7%

JSON

Related for AKB:0FA0C973-1E4C-48B7-BA36-DBE63803563D