Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-31950 — Server-Side Request Forgery in Microsoft Sharepoint Enterprise Server 2016

Severity

8.1HIGHNVD

CNA7.6

EPSS

2.3%

top 15.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedJun 8

Latest updateMay 24

Description

Microsoft SharePoint Server Spoofing Vulnerability

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

GHSA

GHSA-xqq4-7jq4-8rv5: Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-31948, CVE-2021-31964↗2022-05-24

▶

CVEList

Microsoft SharePoint Server Spoofing Vulnerability↗2021-06-08

▶

Exploit-DB

Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF)↗2021-06-11

▶

Microsoft

Microsoft SharePoint Server Spoofing Vulnerability↗2021-06-08

▶