Severity
Medium
Analysis Summary
CVE-2019-0594
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.
CVE-2019-0604
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.
CVE-2019-0670
A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka ‘Microsoft SharePoint Spoofing Vulnerability’.
Impact
Affected Products
Microsoft SharePoint Foundation 2013
Remediation
Vendor has released updates for the following products.
Microsoft SharePoint Foundation 2013 Service Pack 1 (KB4462143):
https://www.microsoft.com/downloads/details.aspx?familyid=7a78892a-d8d2-4154-871d-22dde393be2a
Microsoft SharePoint Foundation 2013 Service Pack 1 (KB4462202):
https://www.microsoft.com/downloads/details.aspx?familyid=bb98da67-5aa3-41eb-929d-d182a746aa52