l00ph0le discovered an endpoint on the Store Development Resource Center site at https://sdrc.starbucks.com/_layouts/15/picker.aspx was vulnerable to a deserialization RCE in Microsoft Sharepoint per CVE-2019-0604.

@l00ph0le — thank you for reporting this vulnerability, your patience while we applied the patch and for confirming the resolution.

malwarebytes 1

zdi 1

checkpoint_advisories 1

hackerone 1

mscve 1

cisa_kev 1

thn 4

mskb 8

zdt 1

threatpost 6

githubexploit 3

saint 3

symantec 1

fireeye 1

trendmicroblog 1

ics 3

attackerkb 2

prion 2

cve 2

mmpc 3

mssecure 5

nessus 2

krebs 1

securelist 2

qualysblog 6

kaspersky 1

talosblog 1

malwarebytes

A week in security (May 13 – 19)

2019-05-20 15:57:29

zdi

Microsoft SharePoint EntityInstanceIdEncoder Deserialization of Untrusted Data Remote Code Execution Vulnerability

2019-02-12 00:00:00

checkpoint_advisories

Microsoft SharePoint Remote Code Execution (CVE-2019-0604)

2019-03-20 00:00:00

hackerone

U.S. Dept Of Defense: Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604)

2019-04-10 19:54:33

mscve

Microsoft SharePoint Remote Code Execution Vulnerability

2019-02-12 08:00:00

cisa_kev

Microsoft SharePoint Remote Code Execution Vulnerability

2021-11-03 00:00:00

thn

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

2022-09-10 09:43:00

Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel

2021-08-10 13:19:00

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

2019-02-12 19:32:00

mskb

Description of the security update for SharePoint Server 2010: March 12, 2019

2019-02-12 08:00:00

Description of the security update for SharePoint Enterprise Server 2013: March 12, 2019

2019-02-12 08:00:00

Description of the security update for SharePoint Server 2019: March 12, 2019

2019-02-12 08:00:00

zdt

Microsoft SharePoint - Deserialization Remote Code Execution Exploit

2020-02-11 00:00:00

threatpost

FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug

2019-05-10 21:29:27

U.N. Hack Stemmed From Microsoft SharePoint Flaw

2020-01-30 16:02:58

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

2021-04-28 19:00:55

githubexploit

Exploit for Improper Input Validation in Microsoft

2019-12-10 02:39:57

Exploit for Improper Input Validation in Microsoft

2019-06-26 15:00:29

Exploit for Improper Input Validation in Microsoft

2021-04-22 12:11:22

saint

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

symantec

Microsoft SharePoint Server CVE-2019-0604 Remote Code Execution Vulnerability

2019-02-12 00:00:00

fireeye

UNC215: Spotlight on a Chinese Espionage Campaign in Israel

2021-08-10 15:00:00

trendmicroblog

Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability

2021-04-27 00:00:00

ics

Iranian State Actors Conduct Cyber Operations Against the Government of Albania

2022-09-23 12:00:00

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

Top Routinely Exploited Vulnerabilities

2021-08-20 12:00:00

attackerkb

CVE-2019-0594

2019-03-05 00:00:00

CVE-2019-0604

2019-03-05 00:00:00

prion

Remote code execution

2019-03-05 23:29:00

Remote code execution

2019-03-05 23:29:00

cve

CVE-2019-0594

2019-03-05 23:29:00

CVE-2019-0604

2019-03-05 23:29:00

mmpc

Microsoft investigates Iranian attacks against the Albanian government

2022-09-08 15:00:00

Zerologon is now detected by Microsoft Defender for Identity

2020-11-30 17:00:20

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

2022-05-09 13:00:00

mssecure

Ghost in the shell: Investigating web shell attacks

2020-02-04 17:30:40

Microsoft investigates Iranian attacks against the Albanian government

2022-09-08 15:00:00

Zerologon is now detected by Microsoft Defender for Identity

2020-11-30 17:00:20

nessus

Security Updates for Microsoft Sharepoint Server (March 2019)

2019-03-14 00:00:00

Security Updates for Microsoft Sharepoint Server (February 2019)

2019-02-14 00:00:00

krebs

Microsoft Patch Tuesday, Sept. 2020 Edition

2020-09-08 21:33:26

securelist

APT trends report Q2 2019

2019-08-01 10:00:05

Incident Response Analyst Report 2019

2020-08-06 10:00:34

qualysblog

Unpacking the CVEs in the FireEye Breach – Start Here First

2021-02-01 20:40:25

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

2019-02-12 19:46:37

Qualys Security Advisory: SolarWinds / FireEye

2020-12-22 21:17:31

kaspersky

KLA11417 Multiple vulnerabilities in Microsoft Office

2019-02-12 00:00:00

talosblog

Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage

2019-02-12 11:55:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.971 High

EPSS

Percentile

99.7%

JSON

Related for H1:536134