CVE-2019-1443

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

Published: Nov 12, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-1443
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
microsoft / sharepoint_foundation	2010-sp2	2010-sp2.x
microsoft / sharepoint_foundation	2013-sp1	2013-sp1.x
microsoft / sharepoint_enterprise_server	2016	2016.x
microsoft / sharepoint_server	2019	2019.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443

Vulnerability Database

289,697

CVE-2019-1443