Rewterz Threat Alert – Multiple Malware Campaigns – IoCs
March 18, 2019Rewterz Threat Advisory – F5 Multiple Products OpenSSL Denial of Service Vulnerability
March 18, 2019Rewterz Threat Alert – Multiple Malware Campaigns – IoCs
March 18, 2019Rewterz Threat Advisory – F5 Multiple Products OpenSSL Denial of Service Vulnerability
March 18, 2019Severity
Medium
Analysis Summary
CVE-2019-0604
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.
CVE-2019-0668
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Elevation of Privilege Vulnerability’.
CVE-2019-0594
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.
Impact
- Cross site scripting
- Security Bypass
Affected Products
Microsoft SharePoint Server 2016
Remediation
Vendor has released updates for the following product.
Microsoft SharePoint Enterprise Server 2016 (KB4462155):
https://www.microsoft.com/downloads/details.aspx?familyid=2a51ab39-b043-4c60-b567-f0d89bff4603
Microsoft SharePoint Enterprise Server 2016 (KB4462211):
https://www.microsoft.com/downloads/details.aspx?familyid=d7a12d15-0230-487d-a2cf-ceb50a424559