NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge

Trending CVEs for the Week of May 13th, 2019

CVE-2019-0604 – Microsoft SharePoint Remote Code Execution Vulnerability

Description

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.  An attacker could exploit the flaw by uploading a specially crafted SharePoint application package to affected versions of the software.

Affected Products

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Foundation 2010 Service Pack 2
  • Microsoft SharePoint Foundation 2013 Service Pack 1
  • Microsoft SharePoint Server 2010 Service Pack 2
  • Microsoft SharePoint Server 2013 Service Pack 1
  • Microsoft SharePoint Server 2019

Exploitation and Risk

Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected versions of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

Fixes

Users should update their systems as soon as possible. Patch can be found on the Microsoft Security Advisory.

References

National Vulnerability Database

Related Posts

Schedule a Product Demo Today!

See how NopSec's end-to-end Cyber Exposure Management platform can organize your security chaos.