CVSS: 7.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-43242 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-43242
Microsoft SharePoint Server Spoofing Vulnerability Una vulnerabilidad de Suplantación de Identidad en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-42320 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43242 •
CVSS: 8.8EPSS: 3%CPEs: 4EXPL: 0CVE-2021-42309 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-42309
Microsoft SharePoint Server Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-42294 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of server-side controls. An unsafe server-side control can be instantiated if it is specified as a child of a permitted control. An attacker can leverage this vulnerability to execute code in the context of the service account. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42309 https://www.zerodayinitiative.com/advisories/ZDI-22-074 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.2EPSS: 1%CPEs: 6EXPL: 0CVE-2021-42294 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-42294
Microsoft SharePoint Server Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-42309 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42294 •
CVSS: 8.8EPSS: 18%CPEs: 3EXPL: 0CVE-2021-41344 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41344
Microsoft SharePoint Server Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota en Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-40487 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of custom workflows. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the web service account. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41344 https://www.zerodayinitiative.com/advisories/ZDI-21-1224 •
CVSS: 8.8EPSS: 18%CPEs: 3EXPL: 0CVE-2021-40487 – Microsoft SharePoint Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-40487
Microsoft SharePoint Server Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft SharePoint Server. Este ID de CVE es diferente de CVE-2021-41344 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Microsoft.SharePoint.WorkflowActions.SetVariableActivity class. A crafted SetVariableActivity element can result in instantiation of an arbitrary .NET type. An attacker can leverage this vulnerability to execute code in the context of the web service account. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40487 https://www.zerodayinitiative.com/advisories/ZDI-21-1225 •