Severity
Medium
Analysis Summary
CVE-2019-0604
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.
CVE-2019-0668
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft SharePoint Elevation of Privilege Vulnerability’.
CVE-2019-0594
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’.
Impact
Affected Products
Microsoft SharePoint Server 2016
Remediation
Vendor has released updates for the following product.
Microsoft SharePoint Enterprise Server 2016 (KB4462155):
https://www.microsoft.com/downloads/details.aspx?familyid=2a51ab39-b043-4c60-b567-f0d89bff4603
Microsoft SharePoint Enterprise Server 2016 (KB4462211):
https://www.microsoft.com/downloads/details.aspx?familyid=d7a12d15-0230-487d-a2cf-ceb50a424559