Lucene search

MicrosoftCVE-2019-1443

HistoryNov 12, 2019 - 7:15 p.m.

CVE-2019-1443

2019-11-1219:15:15

CWE-434

microsoft

web.nvd.nist.gov

cve-2019-1443

microsoft

sharepoint

information disclosure

vulnerability

smb hashes

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.944

Percentile

99.2%

JSON

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka ‘Microsoft SharePoint Information Disclosure Vulnerability’.

Affected configurations

Nvd

Vulners

Node

microsoftsharepoint_enterprise_serverMatch2016

microsoftsharepoint_foundationMatch2010sp2

microsoftsharepoint_foundationMatch2013sp1

microsoftsharepoint_serverMatch2019

VendorProductVersionCPE
microsoftsharepoint_enterprise_server2016cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
microsoftsharepoint_foundation2010cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2:*:*:*:*:*:*
microsoftsharepoint_foundation2013cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
microsoftsharepoint_server2019cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	sharepoint_enterprise_server	2016	cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:::::::*
microsoft	sharepoint_foundation	2010	cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp2::::::
microsoft	sharepoint_foundation	2013	cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1::::::
microsoft	sharepoint_server	2019	cpe:2.3:a:microsoft:sharepoint_server:2019:::::::*

CNA Affected

[
  {
    "product": "Microsoft SharePoint Foundation",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2010 Service Pack 2"
      },
      {
        "status": "affected",
        "version": "2013 Service Pack 1"
      }
    ]
  },
  {
    "product": "Microsoft SharePoint Enterprise Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2016"
      }
    ]
  },
  {
    "product": "Microsoft SharePoint Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2019"
      }
    ]
  }
]