CVE-2021-31181EUVD-2021-1809411.05.2021, 19:15Microsoft SharePoint Remote Code Execution VulnerabilityCode InjectionEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTPrimary8.8 HIGHNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HmicrosoftCNA8.8 HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CAwaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: 97%Known Exploits!http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.htmlCommon Weakness EnumerationCWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Referenceshttp://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181https://www.zerodayinitiative.com/advisories/ZDI-21-573/http://packetstormsecurity.com/files/163208/Microsoft-SharePoint-Unsafe-Control-And-ViewState-Remote-Code-Execution.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181https://www.zerodayinitiative.com/advisories/ZDI-21-573/https://packetstorm.news/files/id/163208