Severity
Medium
Analysis Summary
CVE-2019-0594
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.
CVE-2019-0604
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.
CVE-2019-0670
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka ‘Microsoft SharePoint Spoofing Vulnerability’.
Impact
- Spoofing
- Security Bypass
Affected Products
Microsoft SharePoint Foundation 2013
Remediation
Vendor has released updates for the following products.
Microsoft SharePoint Foundation 2013 Service Pack 1 (KB4462143):
https://www.microsoft.com/downloads/details.aspx?familyid=7a78892a-d8d2-4154-871d-22dde393be2a
Microsoft SharePoint Foundation 2013 Service Pack 1 (KB4462202):
https://www.microsoft.com/downloads/details.aspx?familyid=bb98da67-5aa3-41eb-929d-d182a746aa52