Summaryinfo

A vulnerability classified as problematic was found in Microsoft SharePoint Server 2013 SP1/2016/2019. This issue affects some unknown processing. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2021-31171. It is possible to launch the attack remotely. No exploit is available. It is advisable to implement a patch to correct this issue.

Detailsinfo

A vulnerability was found in Microsoft SharePoint Server 2013 SP1/2016/2019 (Groupware Software). It has been rated as problematic. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.

The weakness was published 05/11/2021 as confirmed security guidance (Website). The advisory is shared for download at portal.msrc.microsoft.com. This vulnerability is handled as CVE-2021-31171. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Groupware Software

Vendor

• Microsoft

Name

• SharePoint Server

Version

• 2013 SP1
• 2016
• 2019

License

• commercial

Website

• Vendor: https://www.microsoft.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion