CVE-2021-40487

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server (affected versions not specified) Microsoft SharePoint Foundation (affected versions not specified) Microsoft SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to incorrect code generation management in Microsoft SharePoint products. It allows a remote attacker to execute arbitrary code. The vulnerability can be exploited by deserializing untrusted data in the SetVariableActivity.

Recommendations For Microsoft SharePoint Server, consider restricting access to the SetVariableActivity deserialization functionality until a patch is available. For Microsoft SharePoint Foundation, restrict access to potentially vulnerable components to minimize the risk of exploitation. For Microsoft SharePoint Enterprise Server, avoid using untrusted data in deserialization processes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.