CVE-2019-0604: Microsoft SharePoint Remote Code Execution Vulnerability
First published: Tue Mar 05 2019(Updated: )
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Sizer for Microsoft SharePoint 2013 | ||
| Microsoft SharePoint Enterprise Server 2016 | =2016 | |
| Microsoft SharePoint Foundation 2013 | =2013-sp1 | |
| Microsoft SharePoint Server 2010 | =2010-sp2 | |
| Microsoft SharePoint Server 2010 | =2019 | |
| =2016 | ||
| =2013-sp1 | ||
| =2010-sp2 | ||
| =2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-0604?
CVE-2019-0604 is a remote code execution vulnerability in Microsoft SharePoint.
How severe is CVE-2019-0604?
CVE-2019-0604 has a severity rating of 9.8 out of 10, which is considered critical.
Which versions of Microsoft SharePoint are affected by CVE-2019-0604?
Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 SP1, Microsoft SharePoint Server 2010 SP2, and Microsoft SharePoint Server 2019 are affected by CVE-2019-0604.
What is the CWE ID for CVE-2019-0604?
CVE-2019-0604 is categorized under CWE-20: Improper Input Validation.
How can I fix CVE-2019-0604?
To fix CVE-2019-0604, it is recommended to apply the latest security updates provided by Microsoft.
- agent/type
- agent/first-publish-date
- agent/description
- agent/title
- agent/severity
- agent/weakness
- agent/remedy
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2019-0604
- agent/references
- agent/author
- agent/source
- agent/trending
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- exploited/true
- ransomware/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- collector/nvd-index
- collector/nvd-cve
- vendor/microsoft
- canonical/hp sizer for microsoft sharepoint 2013
- canonical/microsoft sharepoint enterprise server 2016
- version/microsoft sharepoint enterprise server 2016/2016
- canonical/microsoft sharepoint foundation 2013
- version/microsoft sharepoint foundation 2013/2013-sp1
- canonical/microsoft sharepoint server 2010
- version/microsoft sharepoint server 2010/2010-sp2
- version/microsoft sharepoint server 2010/2019