← back
CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS 8.8 HIGHEPSS 30.0%CWE-94
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 8.8EPSS 30.0%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
11 May 2021Metasploit module available
11 May 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Microsoft SharePoint Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft SharePoint Enterprise Server 2016Microsoft · Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft · Microsoft SharePoint Server 2019

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.htmlhttps://packetstorm.news/files/id/163208https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181https://www.zerodayinitiative.com/advisories/ZDI-21-573/