Vulnerability in Microsoft Sharepoint Enterprise Server
CVE-2019-0604
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from C…
EPSS: 0.944 (100.0th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Sharepoint Enterprise Server — versions 2016
- Microsoft Sharepoint Foundation — versions 2013 Service Pack 1
- Microsoft Sharepoint Server — versions 2010 Service Pack 2, 2019
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
- linhlhq/CVE-2019-0604
- k8gege/CVE-2019-0604
- boxhg/CVE-2019-0604
- Gh0st0ne/weaponized-0604
- m5050/CVE-2019-0604
- likekabin/CVE-2019-0604_sharepoint_CVE
- davidlebr1/cve-2019-0604-SP2010-netv3.5
- Amar224/Active-Directory-Exploitation-Cheat-Sheet
- AshikAhmed007/Active-Directory-Exploitation-Cheat-Sheet
- Aslamlatheef/Active-Directory-Exploitation-Cheat-Sheet
References
- 106914 (vdb-entry, x_refsource_BID)
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2019-0604?
- CVE-2019-0604 is a vulnerability in Microsoft Sharepoint Enterprise Server. Published 2019-03-06.
- Is CVE-2019-0604 known to be exploited?
- Yes. CVE-2019-0604 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 90 public proof-of-concept repositories are indexed.