CVE-2019-0594

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified)

Description A remote code execution issue exists due to errors in code generation management. This allows a remote attacker to execute arbitrary code. The vulnerability is related to the software's failure to check the source markup of an application package. An attacker who successfully exploits this issue could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation requires a user to upload a specially crafted SharePoint application package to affected versions of SharePoint.

Recommendations For Microsoft SharePoint Server, update to a version that includes the fix for this issue. For Microsoft SharePoint Enterprise Server, update to a version that includes the fix for this issue. For Microsoft SharePoint Foundation, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the upload of SharePoint application packages to minimize the risk of exploitation.