SB2021011211 - Multiple vulnerabilities in Microsoft SharePoint Server
Published: January 12, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2021-1707)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker can pass specially crafted input to the application and execute arbitrary code on the target system.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1718)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to tampering issue in SharePoint Server, which leads to security restrictions bypass and privilege escalation.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1719)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
4) Spoofing attack (CVE-ID: CVE-2021-1717)
The vulnerability allows a remote user to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.
5) Spoofing attack (CVE-ID: CVE-2021-1641)
The vulnerability allows a remote user to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1712)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1707
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1718
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1719
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1717
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1641
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1712