CVE-2019-1006 - Microsoft Sharepoint Server, Microsoft Sharepoint Enterprise Server and Microsoft .net Framework

July 15, 2019

Critical 7.5

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

Affected software

Microsoft Sharepoint Server

Microsoft Sharepoint Enterprise Server

Microsoft .net Framework

Microsoft Windows Server 2019

Microsoft Windows Server 2008

Microsoft Windows Server 2012

Microsoft Windows 7

Microsoft Windows 10

Microsoft Identitymodel

Microsoft Windows 8.1

Microsoft Windows Server 2016

Microsoft Windows Rt 8.1

Microsoft Sharepoint Foundation

Reference links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006

CVE-2019-1006 - Microsoft Sharepoint Server, Microsoft Sharepoint Enterprise Server and Microsoft .net Framework

Affected software

Reference links

Get alerted to vulnerabilities in your software