CVE-2021-27052: Microsoft SharePoint Server Information Disclosure Vulnerability

Overview

Severity

Medium (CVSS 5.3)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Mar

Released

2021-03-09

EPSS Score

11.57% (percentile: 93.6%)

FAQ

What type of information could be disclosed by this vulnerability? An attacker could possibly gain access to an organizational's email, sites, filenames, or the URLs of files.

Affected Products (2)

Microsoft Office

• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019

Security Updates (2)

• 4493232
• 4493230

Acknowledgments

<a href="https://www.linkedin.com/in/sysr00t/">Huynh Thong</a>

Revision History

• 2021-03-09: Information published.