1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Microsoft SharePoint Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2019-0604 Mappings

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability primary_impact T1041 Exfiltration Over C2 Channel
Comments
CVE-2019-0604 is a vulnerability in an XML deserialization component within Microsoft SharePoint allowed remote attackers to typically install webshell malware to vulnerable hosts.
References
  1. https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
  2. https://ociso.ucla.edu/news/cyber-actors-exploit-sharepoint-vulnerability-gain-access-unprotected-networks
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability primary_impact T1608.001 Upload Malware
Comments
CVE-2019-0604 is a vulnerability in an XML deserialization component within Microsoft SharePoint allowed remote attackers to typically install webshell malware to vulnerable hosts.
References
  1. https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
  2. https://ociso.ucla.edu/news/cyber-actors-exploit-sharepoint-vulnerability-gain-access-unprotected-networks
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability secondary_impact T1003 OS Credential Dumping
Comments
CVE-2019-0604 is a vulnerability in an XML deserialization component within Microsoft SharePoint allowed remote attackers to typically install webshell malware to vulnerable hosts.
References
  1. https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
  2. https://ociso.ucla.edu/news/cyber-actors-exploit-sharepoint-vulnerability-gain-access-unprotected-networks
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability primary_impact T1505.003 Web Shell
Comments
CVE-2019-0604 is a vulnerability in an XML deserialization component within Microsoft SharePoint allowed remote attackers to typically install webshell malware to vulnerable hosts.
References
  1. https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
  2. https://ociso.ucla.edu/news/cyber-actors-exploit-sharepoint-vulnerability-gain-access-unprotected-networks
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a
CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2019-0604 is a vulnerability in an XML deserialization component within Microsoft SharePoint allowed remote attackers to typically install webshell malware to vulnerable hosts.
References
  1. https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
  2. https://ociso.ucla.edu/news/cyber-actors-exploit-sharepoint-vulnerability-gain-access-unprotected-networks
  3. https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a