First published: Wed Jul 14 2021(Updated: )
Microsoft SharePoint Server Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft SharePoint Foundation | =2013-sp1 | |
Microsoft SharePoint Server | =2016 | |
Microsoft SharePoint Server | =2019 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-34468 is a vulnerability that allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft SharePoint.
CVE-2021-34468 has a severity rating of high.
CVE-2021-34468 affects Microsoft SharePoint Foundation 2013 SP1, Microsoft SharePoint Server 2016, and Microsoft SharePoint Server 2019.
Exploiting CVE-2021-34468 requires user interaction and involves parsing of CAB files with specially crafted filenames.
More information about CVE-2021-34468 can be found at the following references: [Microsoft Security Response Center](https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-34468), [Zero Day Initiative](https://www.zerodayinitiative.com/advisories/ZDI-21-829/), [Microsoft Security Guidance Advisory](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34468).