#VU21027 Input validation error in Microsoft SharePoint Foundation and Microsoft SharePoint Server - CVE-2019-1295

 


Published: September 11, 2019


Vulnerability identifier: #VU21027
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-1295
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Microsoft SharePoint Foundation
Microsoft SharePoint Server
Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input passed to the SharePoint API endpoint. A remote attacker can send a specially crafted request to the affected API and execute arbitrary code on the system in the context of the SharePoint server farm account.


Remediation

Install updates from the vendor's website.

External links