CVE-2019-1491

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified)

Description An information disclosure issue exists due to incorrect restriction of a directory path name with limited access. This could allow a remote attacker to disclose protected information. The attacker would need to send a specially crafted request to a susceptible SharePoint Server instance to exploit the vulnerability, potentially allowing them to read arbitrary files on the server.

Recommendations For Microsoft SharePoint Server, consider restricting access to sensitive files and directories until a fix is available. For Microsoft SharePoint Enterprise Server, restrict access to vulnerable components to minimize the risk of exploitation. For Microsoft SharePoint Foundation, avoid using vulnerable functions or modules that could lead to information disclosure until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.