CVE-2021-43242: Microsoft SharePoint Server Spoofing Vulnerability

Overview

Severity

High (CVSS 7.6)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Dec

Released

2021-12-14

EPSS Score

1.03% (percentile: 77.4%)

Affected Products (4)

Microsoft Office

• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft SharePoint Foundation 2013 Service Pack 1

Security Updates (4)

• 5002055
• 5002054
• 5002045
• 5002071

Acknowledgments

<a href="https://twitter.com/rskvp93">rskvp93</a> with <a href="https://viettelcybersecurity.com">Viettel Cyber Security</a>

Revision History

• 2021-12-14: Information published.