CVE-2021-40482: Microsoft SharePoint Server Information Disclosure Vulnerability

Overview

Severity

Medium (CVSS 5.3)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Oct

Released

2021-10-12

EPSS Score

3.16% (percentile: 86.9%)

FAQ

What type of information could be disclosed by this vulnerability? An attacker could possibly gain access to an organizational's email, sites, filenames, or the URLs of files.

Affected Products (1)

Microsoft Office

• Microsoft SharePoint Server 2019

Security Updates (1)

• 5002028

Acknowledgments

<a href="https://twitter.com/secretlyhidden1">Cameron Vincent</a>

Revision History

• 2021-10-12: Information published.