Cyber Resilience

CVE-2019-0604

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 05 March 2019
Modified: 29 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9442 (100.0th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-0604 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Microsoft SharePoint Server. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A remote code execution vulnerability tracked as CVE-2019-0604 affects Microsoft SharePoint. It arises when the software fails to properly validate the source markup of an application package, corresponding to CWE-20 improper input validation. The flaw carries a CVSS 3.1 base score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction.

An unauthenticated attacker can supply a malicious application package over the network and trigger arbitrary code execution on the SharePoint server, resulting in full confidentiality, integrity, and availability impact on the affected system.

Microsoft has published remediation guidance in its security advisory for CVE-2019-0604, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities, confirming active use in real-world attacks.

Vulnerability details

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Version(s)
microsoft · sharepoint enterprise server · 2016
microsoft · sharepoint foundation · 2013
microsoft · sharepoint server · 2010, 2019

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires validation of all input (including SharePoint application package markup) before processing, eliminating the CWE-20 flaw that enables unauthenticated RCE.

prevent: Mandates prompt installation of Microsoft-supplied patches that correct the package-markup validation failure in SharePoint.

prevent · detect: Requires integrity verification of software and packages before execution, blocking or alerting on tampered SharePoint application packages used in the attack.
