BDU:2019-00837

BDU

CriticalConfirmedExploit available

Уязвимость пакета программ Microsoft SharePoint связана с ошибками механизмов проверки исходной разметки пакета приложения. Эксплуатация уя…

CVSS

9.8

Critical

EPSS

0.00

Published

2019-01-01

Updated

2019-01-01

Description

Уязвимость пакета программ Microsoft SharePoint связана с ошибками механизмов проверки исходной разметки пакета приложения. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированного контента

Tags · CWE

Pre-auth

Affected products

Microsoft corp Microsoft sharepointMicrosoft corp Microsoft sharepointMicrosoft corp Microsoft sharepointMicrosoft corp Microsoft sharepointMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft Windows

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

2019-01-01

Published

2019-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

48053

exploitdb · https://www.exploit-db.com/exploits/48053

Enterprise

CVE-2019-0604

github-poc · https://github.com/davidlebr1/cve-2019-0604-SP2010-netv3.5

Enterprise

Affected software

Product	Vendor	Status
microsoft sharepoint	microsoft corp	Tracked
microsoft sharepoint	microsoft corp	Tracked
microsoft sharepoint	microsoft corp	Tracked
microsoft sharepoint	microsoft corp	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Source databases

BDU

MSR

Related vulnerabilities

CVE-2019-0604

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0604@https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604@https://exchange.xforce.ibmcloud.com/vulnerabilities/156449