CVE-2019-1443
MEDIUMMicrosoft Sharepoint Enterprise Server - Unrestricted File Upload
Title source: ruleDescription
An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443
Scores
CVSS v3
6.5
EPSS
0.1445
EPSS Percentile
94.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-434
Status
published
Products (4)
microsoft/sharepoint_enterprise_server
2016
microsoft/sharepoint_foundation
2010 sp2
microsoft/sharepoint_foundation
2013 sp1
microsoft/sharepoint_server
2019
Published
Nov 12, 2019
Tracked Since
Feb 18, 2026