Severity

Medium

Analysis Summary

CVE-2019-0594
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.

CVE-2019-0604
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.

Impact

Security Bypass

Affected Products

Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2019

Remediation

Vendor has released updates for the following products. 

Microsoft SharePoint Server 2010 Service Pack 2 (KB4461630):

https://www.microsoft.com/downloads/details.aspx?familyid=ee157143-0ec3-4022-936e-be920b820b29



Microsoft SharePoint Server 2019 (KB4462171):

https://www.microsoft.com/downloads/details.aspx?familyid=707d5d31-fd70-4938-a13a-6f096413f81a



Microsoft SharePoint Server 2010 Service Pack 2 (KB4462184):

https://www.microsoft.com/downloads/details.aspx?familyid=3b5c9aa5-db7c-45d5-be1b-2ef5c52ca223



Microsoft SharePoint Server 2019 (KB4462199):

https://www.microsoft.com/downloads/details.aspx?familyid=d43632da-bbbe-4ac2-8365-df209a207eae