Vulnerability Description
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Sharepoint Enterprise Server | 2016 |
| Microsoft | Sharepoint Foundation | 2013 |
| Microsoft | Sharepoint Server | 2010 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106914Broken LinkThird Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604PatchVendor Advisory
- http://www.securityfocus.com/bid/106914Broken LinkThird Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604PatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-US Government Resource
FAQ
What is CVE-2019-0604?
CVE-2019-0604 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulne...
How severe is CVE-2019-0604?
CVE-2019-0604 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-0604?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Sharepoint Enterprise Server, Microsoft Sharepoint Foundation, Microsoft Sharepoint Server.