CVE-2019-0604
Published: 05 March 2019
Summary
CVE-2019-0604 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Sharepoint Server. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A remote code execution vulnerability tracked as CVE-2019-0604 affects Microsoft SharePoint. It arises when the software fails to properly validate the source markup of an application package, corresponding to CWE-20 improper input validation. The flaw carries a CVSS 3.1 base score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction.
An unauthenticated attacker can supply a malicious application package over the network and trigger arbitrary code execution on the SharePoint server, resulting in full confidentiality, integrity, and availability impact on the affected system.
Microsoft has published remediation guidance in its security advisory for CVE-2019-0604, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming active use in real-world attacks.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-1370
Vulnerability details
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all input (including SharePoint application package markup) before processing, eliminating the CWE-20 flaw that enables unauthenticated RCE.
Mandates prompt installation of Microsoft-supplied patches that correct the package-markup validation failure in SharePoint.
Requires integrity verification of software and packages before execution, blocking or alerting on tampered SharePoint application packages used in the attack.