Cybersecurity specialists report the detection of multiple vulnerabilities in Microsoft SharePoint Server, an enterprise collaboration platform. According to the report, successful exploitation of these flaws would allow threat actors to put affected systems at risk.
Below is a brief description of each reported flaw, along with its CVE identifier and the score assigned under the Common Vulnerability Scoring System (CVSS).
CVE-2021-43242: This flaw exists due to improper processing of user-provided data in the affected application, which would allow a remote threat actor to spoof the content of a page.
The vulnerability received a CVSS score of 4.7/10.
CVE-2021-42320: Improper processing of user-provided data would allow malicious hackers to spoof the content of a page.
The flaw received a CVSS score of 4.7/10 and is considered a mid-level risk.
CVE-2021-42309: Inadequate validation of user-provided inputs would allow threat actors to send a specially crafted request to Microsoft SharePoint Server and execute arbitrary code on the system.
This is a high-severity flaw that received a CVSS score of 8.5/10.
CVE-2021-42294: Insufficient validation of user-provided input would allow remote attackers to send specially crafted requests to Microsoft SharePoint Server and execute arbitrary code on the target system.
The flaw received a CVSS score of 7.7/10.
According to the report, the flaws reside in the following versions of Microsoft SharePoint Server: 2013, 2016 and 2019.
While these vulnerabilities can be exploited remotely by unauthenticated threat actors, cybersecurity experts have not identified active exploitation attempts. Still, Microsoft recommends users of affected deployments update as soon as possible.