PT-2019-3361 · Microsoft · SharePoint Server +1
Markus Wulftange +1 · Published 2019-09-10 · Updated 2019-09-12 · CVE-2019-1296
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft SharePoint Server (affected versions not specified)
Microsoft SharePoint Enterprise Server (affected versions not specified)
Microsoft SharePoint Foundation (affected versions not specified)
Description
A remote code execution issue exists due to insufficient input validation in Microsoft SharePoint. This could allow a remote attacker to execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. The issue arises because APIs are not properly protected from unsafe data input.
Recommendations
For Microsoft SharePoint Server, update to a version that includes the fix for this issue.
For Microsoft SharePoint Enterprise Server, update to a version that includes the fix for this issue.
For Microsoft SharePoint Foundation, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to APIs that handle external data input until a patch is available.
Fix
RCE
Affected Products
SharePoint Server
SharePoint Foundation