The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server packages relates to information disclosure capabilities, which allow attackers to perform spear-phishing attacks.

🗓️ 16 Jun 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

SharePoint packages have a flawed input validation causing disclosure enabling spear-phishing.

Reporter	Title	Published	Views	Family All 28
0day.today	Microsoft SharePoint Server 16.0.10372.20060 - (GetXmlDataFromDataSource) SSRF Exploit	11 Jun 202100:00	–	zdt
Information Security Automation	Vulristics: Microsoft Patch Tuesdays Q2 2021	10 Jul 202100:14	–	avleonov
Circl	CVE-2021-31950	14 Jun 202107:41	–	circl
CNNVD	Microsoft Office SharePoint 代码问题漏洞	8 Jun 202100:00	–	cnnvd
CNVD	Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2021-41122)	9 Jun 202100:00	–	cnvd
CVE	CVE-2021-31950	8 Jun 202122:46	–	cve
Cvelist	CVE-2021-31950 Microsoft SharePoint Server Spoofing Vulnerability	8 Jun 202122:46	–	cvelist
Exploit DB	Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF)	11 Jun 202100:00	–	exploitdb
EUVD	EUVD-2021-18823	7 Oct 202500:30	–	euvd
Microsoft KB	Description of the security update for SharePoint Server 2019: June 8, 2021 (KB5001944)	8 Jun 202107:00	–	mskb

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31950
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-31950
packetstormsecurity	www.packetstormsecurity.com/files/163080/Microsoft-SharePoint-Server-16.0.10372.20060-Server-Side-Request-Forgery.html
web	www.web.nvd.nist.gov/view/vuln/detail

13 Sep 2024 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 36.3

CVSS 27.5

EPSS0.01679

sharepoint packages information disclosure input validation spear phishing crafted requests