CVE-2019-1295

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified)

Description A remote code execution issue exists due to insufficient input validation in Microsoft SharePoint. This could allow a remote attacker to execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. The issue arises because APIs are not properly protected from unsafe data input.

Recommendations For Microsoft SharePoint Server, update to a version that includes the fix for this issue. For Microsoft SharePoint Enterprise Server, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to APIs that are not properly protected from unsafe data input until a patch is available.