CVE-2019-0604

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

Published: Mar 6, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0604
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / sharepoint_foundation	2013-sp1	2013-sp1.x
microsoft / sharepoint_server	2010-sp2	2010-sp2.x
microsoft / sharepoint_enterprise_server	2016	2016.x
microsoft / sharepoint_server	2019	2019.x

http://www.securityfocus.com/bid/106914
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604

Vulnerability Database

289,697

CVE-2019-0604