{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T04:43:58.544","vulnerabilities":[{"cve":{"id":"CVE-2019-0604","sourceIdentifier":"secure@microsoft.com","published":"2019-03-05T23:29:00.757","lastModified":"2025-10-29T14:45:52.547","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594."},{"lang":"es","value":"Existe una vulnerabilidad de ejecución remota de código en Microsoft SharePoint cuando el software no comprueba el marcado de origen de un paquete de una aplicación. Esto también se conoce como \"Microsoft SharePoint Remote Code Execution Vulnerability\". El ID de este CVE es diferente de CVE-2019-0594."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2021-11-03","cisaActionDue":"2022-05-03","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Microsoft SharePoint Remote Code Execution Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*","matchCriteriaId":"9C082CC4-6128-475D-BC19-B239E348FDB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"F71184B1-7461-4A05-A5D2-03D9EDDC30D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2010:sp2:*:*:*:*:*:*","matchCriteriaId":"9A57C675-05A9-4BC2-AE95-7CA5CA6B1F73"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*","matchCriteriaId":"6122D014-5BF1-4AF4-8B4D-80205ED7785E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/106914","source":"secure@microsoft.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/106914","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0604","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}