Lucene search

[email protected]CVE-2019-1443

HistoryNov 12, 2019 - 7:15 p.m.

CVE-2019-1443

2019-11-1219:15:00

CWE-434

[email protected]

web.nvd.nist.gov

cve-2019-1443

microsoft

sharepoint

information disclosure

vulnerability

smb hashes

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.8 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.944 High

EPSS

Percentile

99.2%

JSON

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka ‘Microsoft SharePoint Information Disclosure Vulnerability’.

CPENameOperatorVersion
microsoft:sharepoint_foundationmicrosoft sharepoint foundationeq2010
microsoft:sharepoint_foundationmicrosoft sharepoint foundationeq2013
microsoft:sharepoint_enterprise_servermicrosoft sharepoint enterprise servereq2016
microsoft:sharepoint_servermicrosoft sharepoint servereq2019

CPE	Name	Operator	Version
microsoft:sharepoint_foundation	microsoft sharepoint foundation	eq	2010
microsoft:sharepoint_foundation	microsoft sharepoint foundation	eq	2013
microsoft:sharepoint_enterprise_server	microsoft sharepoint enterprise server	eq	2016
microsoft:sharepoint_server	microsoft sharepoint server	eq	2019