Rewterz Threat Advisory – CVE-2021-20019 – SonicWall SonicOS information disclosure
June 24, 2021
Rewterz Threat Advisory – ICS: Advantech WebAccess HMI Designer
June 24, 2021
Severity
Medium
Analysis Summary
CVE-2021-26420
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability.
A specific flaw exists within the System.Workflow.ComponentModel.Compiler.WorkflowCompilerInternal class. This class allows an attacker to specify a path to an arbitrary workflow definition file. An attacker can leverage this vulnerability to execute code in the context of the web service account.
Impact
- Code Execution
- Unauthorized Access
Affected Vendors
Microsoft
Affected Products
- SharePoint
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26420