CVE-2021-31950

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server versions prior to 16.0.10372.20060

Description The issue is related to insufficient input validation in Microsoft SharePoint Server, allowing a remote attacker to perform spoofing attacks using a specially crafted request. This can be exploited through the GetXmlDataFromDataSource function, leading to a Server-Side Request Forgery (SSRF) vulnerability.

Recommendations For Microsoft SharePoint Server version 16.0.10372.20060 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the GetXmlDataFromDataSource function to minimize the risk of exploitation.