CVE-2019-1491: Microsoft SharePoint Server Information Disclosure Vulnerability Alert

On December 17, Microsoft officially released the CVE-2019-1491 vulnerability warning and patch.

Microsoft SharePoint is a set of corporate business collaboration platforms from Microsoft. The platform is used to integrate business information and enable shared work, collaborative work with others, organization of projects and workgroups, search for people and information. An information disclosure vulnerability exists in SharePoint Server. To exploit this vulnerability, an attacker would need to send a specially crafted request to a specific instance of SharePoint Server. An attacker who successfully exploited this vulnerability could read arbitrary files on the target server.

Affected version

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Foundation 2010 Service Pack 2
  • Microsoft SharePoint Foundation 2013 Service Pack 1
  • Microsoft SharePoint Server 2019

Solution

At present, Microsoft has officially released an update patch to fix the vulnerability. We recommend that users confirm in time whether they are affected by the vulnerability and take patching measures as soon as possible.