A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0604.

CPENameOperatorVersion
sharepoint_enterprise_servereq2016
sharepoint_foundationeq2013 sp1
sharepoint_servereq2010 sp2
sharepoint_servereq2019

Name	Operator	Version
sharepoint_enterprise_server	eq	2016
sharepoint_foundation	eq	2013 sp1
sharepoint_server	eq	2010 sp2
sharepoint_server	eq	2019

References

www.securityfocus.com/bid/106866

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0594

cve 2

attackerkb 2

mskb 8

prion 1

nessus 2

malwarebytes 1

zdi 2

thn 4

checkpoint_advisories 1

cisa_kev 1

hackerone 2

mscve 2

threatpost 6

zdt 1

saint 3

githubexploit 3

fireeye 1

symantec 2

trendmicroblog 1

ics 3

qualysblog 6

mmpc 3

mssecure 5

krebs 1

kaspersky 1

securelist 2

talosblog 1

cve

CVE-2019-0594

2019-03-05 23:29:00

CVE-2019-0604

2019-03-05 23:29:00

attackerkb

CVE-2019-0594

2019-03-05 00:00:00

CVE-2019-0604

2019-03-05 00:00:00

mskb

Description of the security update for SharePoint Foundation 2010: February 12, 2019

2019-02-12 08:00:00

Description of the security update for SharePoint Server 2019: February 12, 2019

2019-02-12 08:00:00

Description of the security update for SharePoint Foundation 2013: February 12, 2019

2019-02-12 08:00:00

prion

Remote code execution

2019-03-05 23:29:00

nessus

Security Updates for Microsoft Sharepoint Server (February 2019)

2019-02-14 00:00:00

Security Updates for Microsoft Sharepoint Server (March 2019)

2019-03-14 00:00:00

malwarebytes

A week in security (May 13 – 19)

2019-05-20 15:57:29

zdi

Microsoft SharePoint EntityInstanceIdEncoder Deserialization of Untrusted Data Remote Code Execution Vulnerability

2019-02-12 00:00:00

Microsoft SharePoint BDC Import Deserialization of Untrusted Data Remote Code Execution Vulnerability

2019-02-12 00:00:00

thn

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

2019-02-12 19:32:00

U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania

2022-09-10 09:43:00

Experts Believe Chinese Hackers Are Behind Several Attacks Targeting Israel

2021-08-10 13:19:00

checkpoint_advisories

Microsoft SharePoint Remote Code Execution (CVE-2019-0604)

2019-03-20 00:00:00

cisa_kev

Microsoft SharePoint Remote Code Execution Vulnerability

2021-11-03 00:00:00

hackerone

U.S. Dept Of Defense: Remote Code Execution - Unauthenticated Remote Command Injection (via Microsoft SharePoint CVE-2019-0604)

2019-04-10 19:54:33

Starbucks: Store Development Resource Center was vulnerable to a Remote Code Execution - Unauthenticated Remote Command Injection (CVE-2019-0604)

2019-04-11 20:27:05

mscve

Microsoft SharePoint Remote Code Execution Vulnerability

2019-02-12 08:00:00

Microsoft SharePoint Remote Code Execution Vulnerability

2019-02-12 08:00:00

threatpost

FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug

2019-05-10 21:29:27

U.N. Hack Stemmed From Microsoft SharePoint Flaw

2020-01-30 16:02:58

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

2021-04-28 19:00:55

zdt

Microsoft SharePoint - Deserialization Remote Code Execution Exploit

2020-02-11 00:00:00

saint

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

Microsoft SharePoint Picker.aspx deserialization vulnerability

2020-03-03 00:00:00

githubexploit

Exploit for Improper Input Validation in Microsoft

2019-12-10 02:39:57

Exploit for Improper Input Validation in Microsoft

2019-06-26 15:00:29

Exploit for Improper Input Validation in Microsoft

2021-04-22 12:11:22

fireeye

UNC215: Spotlight on a Chinese Espionage Campaign in Israel

2021-08-10 15:00:00

symantec

Microsoft SharePoint Server CVE-2019-0604 Remote Code Execution Vulnerability

2019-02-12 00:00:00

Microsoft SharePoint Server CVE-2019-0594 Remote Code Execution Vulnerability

2019-02-12 00:00:00

trendmicroblog

Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability

2021-04-27 00:00:00

ics

Iranian State Actors Conduct Cyber Operations Against the Government of Albania

2022-09-23 12:00:00

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

Top Routinely Exploited Vulnerabilities

2021-08-20 12:00:00

qualysblog

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

2019-02-12 19:46:37

Unpacking the CVEs in the FireEye Breach – Start Here First

2021-02-01 20:40:25

Qualys Security Advisory: SolarWinds / FireEye

2020-12-22 21:17:31

mmpc

Microsoft investigates Iranian attacks against the Albanian government

2022-09-08 15:00:00

Zerologon is now detected by Microsoft Defender for Identity

2020-11-30 17:00:20

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

2022-05-09 13:00:00

mssecure

Ghost in the shell: Investigating web shell attacks

2020-02-04 17:30:40

Microsoft investigates Iranian attacks against the Albanian government

2022-09-08 15:00:00

Zerologon is now detected by Microsoft Defender for Identity

2020-11-30 17:00:20

krebs

Microsoft Patch Tuesday, Sept. 2020 Edition

2020-09-08 21:33:26

kaspersky

KLA11417 Multiple vulnerabilities in Microsoft Office

2019-02-12 00:00:00

securelist

APT trends report Q2 2019

2019-08-01 10:00:05

Incident Response Analyst Report 2019

2020-08-06 10:00:34

talosblog

Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage

2019-02-12 11:55:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.047 Low

EPSS

Percentile

92.4%

JSON

Related for PRION:CVE-2019-0594