
Rewterz Threat Advisory – Microsoft SharePoint Server 2016 Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-0604
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.

CVE-2019-0668
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Elevation of Privilege Vulnerability’.

CVE-2019-0594
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.

Impact

  • Cross-site scripting
  • Security Bypass

Affected Products

Microsoft SharePoint Server 2016

Remediation

The vendor has released updates for the following product:

Microsoft SharePoint Enterprise Server 2016 (KB4462155):

https://www.microsoft.com/downloads/details.aspx?familyid=2a51ab39-b043-4c60-b567-f0d89bff4603

Microsoft SharePoint Enterprise Server 2016 (KB4462211):

https://www.microsoft.com/downloads/details.aspx?familyid=d7a12d15-0230-487d-a2cf-ceb50a424559