Microsoft issued an out of band security advisory for an information disclosure vulnerability in SharePoint Server.

The issue, CVE-2019-1491, is has an “important” severity rating and affects SharePoint Enterprise Server 2016, SharePoint Foundation 2010 Pack 2, SharePoint Foundation 2013 Pack 1 and SharePoint Server 2019.

If exploited the vulnerability could allow unauthorized file system access - reading from the file system.

The vulnerability has not been publicly disclosed nor exploited in the wild, Microsoft stated. There are no workarounds or mitigations at this time.