Microsoft Office SharePoint
CVE-2019-1260 — Microsoft SharePoint Elevation of Privilege Vulnerability
Executive Summary
An elevation of privilege vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server. To exploit this vulnerability, an authenticated attacker would send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user. The security update addresses the vulnerability by correcting how Microsoft SharePoint sanitizes user input.
Overview
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
EPSS Score
0.02442
probability of exploitation in the next 30 days
0.82194 percentile - updated 2026-06-20
View on FIRST.org
Affected Products
4 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | 4475590 (Security Update) 4475594 (Security Update) |
Important | Elevation of Privilege | Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4475605 (Security Update) |
Important | Elevation of Privilege | Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484098 (Security Update) 4484099 (Security Update) |
Important | Elevation of Privilege | Maybe |
| Microsoft SharePoint Server 2019 | 4475596 (Security Update) 4464557 (Security Update) |
Important | Elevation of Privilege | Maybe |
Patches
4 patches
| Article | Type | Restart |
|---|---|---|
4475590 (Security Update) 4475594 |
Security Update | Maybe |
4475605 |
Security Update | Maybe |
4484098 (Security Update) 4484099 |
Security Update | Maybe |
4475596 (Security Update) 4464557 |
Security Update | Maybe |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
Microsoft has not published researcher acknowledgments for this CVE, or they are not yet reflected in our data source. Check the MSRC advisory directly for the most current credit information.
References
On This Page