Microsoft issues out-of-band security update for SharePoint Server vulnerability (CVE-2019-1491)

Microsoft issued an out-of-bound security update for a SharePoint Server vulnerability CVE-2019-1491.

The patch addresses Microsoft SharePoint Server information disclosure vulnerability CVE-2019-1491. Microsoft warns an attacker could exploit this vulnerability and then read arbitrary files on the server.

The security update was included in the December patches for the following Microsoft SharePoint versions:

  • SharePoint Enterprise Server 2016
  • SharePoint Foundation 2010 Service Pack 2
  • SharePoint Foundation 2013 Service Pack 1
  • SharePoint Server 2019.

The CVE has not been rated by NIST, but has been reserved.