PT-2021-1614 · Microsoft · Sharepoint Server+1
Hph0Var
+1
·
Published
2021-01-12
·
Updated
2024-10-08
·
CVE-2021-1641
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft SharePoint Server (affected versions not specified)
Microsoft SharePoint Foundation (affected versions not specified)
Microsoft SharePoint Enterprise Server (affected versions not specified)
Description
The issue is related to insufficient input validation in Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server. This can be exploited by a remote attacker using a specially crafted request to the vulnerable SharePoint server, allowing for spoofing attacks.
Recommendations
For Microsoft SharePoint Server, update to a version that includes the fix for this issue.
For Microsoft SharePoint Foundation, update to a version that includes the fix for this issue.
For Microsoft SharePoint Enterprise Server, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the vulnerable server to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sharepoint Server
Sharepoint Foundation