Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-34519

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-14 Jul, 2021 | 17:54
Updated At-04 Aug, 2024 | 00:12
Rejected At-
Credits

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:14 Jul, 2021 | 17:54
Updated At:04 Aug, 2024 | 00:12
Rejected At:
â–¼CVE Numbering Authority (CNA)
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Enterprise Server 2016
CPEs
  • cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.5188.1000 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
CPEs
  • cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.0.0 before 15.0.5363.1000 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft SharePoint Foundation 2013 Service Pack 1
CPEs
  • cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.0.0 before 15.0.5363.1000 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/AInformation Disclosure
Type: Impact
CWE ID: N/A
Description: Information Disclosure
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-830/
x_refsource_MISC
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519
Resource:
x_refsource_MISC
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-830/
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519
x_refsource_MISC
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-21-830/
x_refsource_MISC
x_transferred
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-830/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:14 Jul, 2021 | 18:15
Updated At:28 Dec, 2023 | 23:15

Microsoft SharePoint Server Information Disclosure Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.13.5LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary2.02.3LOW
AV:A/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Primary
Version: 2.0
Base score: 2.3
Base severity: LOW
Vector:
AV:A/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
Microsoft Corporation
microsoft
>>sharepoint_foundation>>2013
cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2013
cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*
Microsoft Corporation
microsoft
>>sharepoint_server>>2016
cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519secure@microsoft.com
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-830/secure@microsoft.com
Third Party Advisory
VDB Entry
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34519
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-830/
Source: secure@microsoft.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

20Records found
CVE-2022-26907
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 64.84%
||
7 Day CHG~0.00%
Published-15 Apr, 2022 | 19:05
Updated-02 Jan, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure SDK for .NET Information Disclosure Vulnerability

Azure SDK for .NET Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_sdk_for_.netAzure SDK for .Net
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-8435
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.56% / 68.66%
||
7 Day CHG~0.00%
Published-13 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows 10 ServersWindows 10Windows Server 2016
CWE ID-CWE-331
Insufficient Entropy
CVE-2022-24466
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.1||MEDIUM
EPSS-1.13% / 78.62%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:33
Updated-02 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Security Feature Bypass Vulnerability

Windows Hyper-V Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows Server 2016
CVE-2020-24588
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.40% / 61.18%
||
7 Day CHG+0.09%
Published-11 May, 2021 | 00:00
Updated-14 Apr, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

Action-Not Available
Vendor-ieeen/aDebian GNU/LinuxMicrosoft CorporationArista Networks, Inc.Linux Kernel Organization, IncCisco Systems, Inc.Intel CorporationSiemens AG
Product-meraki_gr10ir829gw-lte-ga-ck9scalance_wum766-1_6ghz_firmwaremeraki_mr26_firmwarecatalyst_9120aximeraki_mr55_firmwarecatalyst_9105axw1100_firmwaredebian_linuxscalance_w748-1_firmwarec-120webex_board_85sip_phone_8865catalyst_9130axiip_phone_8821_firmwarescalance_w721-1_firmwareaironet_ap803_firmwarecatalyst_9115axiir829-2lte-ea-ak9_firmwarecatalyst_9117ir829gw-lte-ga-zk9_firmwareaironet_1542dproset_ac_8260meraki_mx67cwac_9260webex_room_kitmeraki_gr60_firmwareaironet_ap803catalyst_9105axw_firmwaremeraki_mr84catalyst_9130_apmeraki_mr45_firmwareac_9560_firmwarec-260_firmwareproset_ac_9560_firmwarecatalyst_91241100-8p_firmwareip_phone_8832meraki_mx67wkiller_ac_1550_firmwaremeraki_z3meraki_mr33meraki_mr20_firmwarewebex_room_55meraki_mr74c-230_firmwarescalance_w788-2_firmwareir829-2lte-ea-ak9webex_board_85s_firmwaremeraki_mr20catalyst_9120_ap_firmwarescalance_w734-1_firmwareproset_wi-fi_6_ax200_firmwarewindows_server_2012scalance_w738-1o-90meraki_mr62meraki_mr32killer_wi-fi_6_ax1650proset_ac_3168_firmwarec-200_firmwaremeraki_mr36killer_ac_1550windows_7aironet_1542i_firmwareir829gw-lte-ga-sk9_firmwarewi-fi_6_ax200meraki_mr44_firmwaremeraki_mx68cwmeraki_mr32_firmwareaironet_1532_firmwarescalance_w748-1killer_wi-fi_6_ax1650_firmwarec-230scalance_w788-1_firmwareproset_ac_9462aironet_1532meraki_mr56_firmware1100-4p_firmwareaironet_1815i_firmwarescalance_w786-2iameraki_mr72_firmwareproset_wi-fi_6_ax201webex_room_70_single_g2meraki_mr30hmeraki_mr72catalyst_9117axi_firmwaremeraki_mr34_firmwaremeraki_mr42_firmwarewebex_board_70proset_ac_8265_firmwaremeraki_mr52proset_ac_9461_firmwarecatalyst_9120_firmwaremeraki_mr74_firmwareproset_ac_31651109-2pwebex_board_55s_firmwaremeraki_mr62_firmwaremeraki_mx64wwi-fi_6_ax201c-75_firmware1109-4paironet_1815_firmwarecatalyst_9115scalance_w1748-1scalance_w786-2_firmwarescalance_w778-1c-75meraki_mr52_firmwarecatalyst_9124axd_firmwarecatalyst_9124_firmwaremeraki_mr44scalance_wum763-1meraki_mr12_firmwareir829-2lte-ea-ek9ac_9560webex_room_55_dualmeraki_mr42e_firmwarescalance_w722-1c-65_firmwarescalance_w1788-2iaaironet_1542d_firmwarec-2001100-8pscalance_w778-1_firmwaremac80211webex_dx70_firmware1109-2p_firmwareaironet_1800iaironet_1842_firmwareir829-2lte-ea-ek9_firmwaremeraki_mr86_firmwarewebex_board_70_firmwareproset_ac_9462_firmwareaironet_1852meraki_mr66catalyst_9115_ap_firmwareir829gw-lte-na-ak9aironet_iw3702c-100o-105ip_phone_6861_firmwarescalance_wum766-1webex_room_kit_firmwaremeraki_mr33_firmwarec-130_firmwarelinux_kernelmeraki_mr30h_firmwarescalance_wam766-1_6ghz_firmwareo-90_firmwareproset_wi-fi_6e_ax210webex_board_70s_firmwaremeraki_mr42meraki_mx65w_firmwareac_8260_firmwarescalance_wum766-1_6ghzwindows_server_2019proset_ac_9560scalance_wam766-1_6ghzaironet_1832scalance_w761-1scalance_w774-1_firmwareproset_ac_9260_firmwarecatalyst_9124axdmeraki_mr42emeraki_mr84_firmwarecatalyst_9120axemeraki_mr76_firmwaremeraki_mr53_firmwarecatalyst_9130axeaironet_1815proset_wireless_7265_\(rev_d\)_firmwareieee_802.11scalance_w734-1proset_ac_3165_firmwarecatalyst_9130axe_firmwaremeraki_gr10_firmwaremeraki_mr46e_firmwarew-118aironet_1832_firmwareproset_ac_8265proset_ac_8260_firmwarecatalyst_9115_firmwareproset_wireless_7265_\(rev_d\)scalance_wam766-1scalance_wum766-1_firmwarewi-fi_6_ax200_firmwarecatalyst_9117_ap_firmwaremeraki_z3_firmwaremeraki_mr70_firmware1101-4p_firmwareir829gw-lte-ga-zk9webex_room_70_dual_g2wi-fi_6_ax201_firmwarec-110_firmwareproset_wi-fi_6_ax200scalance_w786-1webex_dx80scalance_w1788-2windows_server_2008catalyst_9124axi_firmwareip_phone_8865_firmwaremeraki_mx65wcatalyst_9130webex_room_70_dualaironet_1852_firmwarewebex_board_55scatalyst_9105axicatalyst_9120axi_firmwareip_phone_8861_firmwareir829-2lte-ea-bk9meraki_mx64w_firmwareo-105_firmwarecatalyst_9115axe_firmwaremeraki_mr70scalance_w774-1meraki_mr46_firmwareac_8265_firmwarekiller_wi-fi_6e_ax1675webex_dx70meraki_mr46ecatalyst_9130axi_firmwarecatalyst_9117axiscalance_w1750d_firmwarecatalyst_9120_apwindows_10catalyst_9105axi_firmwareaironet_1800aironet_1842catalyst_9120axe_firmware1109-4p_firmwarescalance_w1788-1scalance_w1788-2_firmwarecatalyst_9130_firmwarekiller_wi-fi_6e_ax1675_firmwaremeraki_mx67w_firmwareac_9260_firmwaremeraki_mr55webex_board_55_firmwarewebex_room_kit_minic-100_firmwareaironet_1810_firmwarewebex_room_70meraki_mr26webex_board_70sw-68_firmwarec-260ac_8260meraki_mr86webex_room_70_dual_firmwareproset_wi-fi_6_ax201_firmwarew-118_firmwarec-120_firmwaremeraki_mr56scalance_wam763-1scalance_w1750dscalance_wam763-1_firmwaremeraki_mr53scalance_w1748-1_firmwarec-130webex_room_70_firmwareir829-2lte-ea-bk9_firmwarescalance_w788-2aironet_1815icatalyst_9120axpmeraki_mr45scalance_w786-2ia_firmwarec-250_firmwarescalance_w788-1meraki_mr12meraki_z3c_firmwarewindows_server_2016aironet_1800_firmware1101-4pip_phone_68611100proset_ac_9260meraki_mx68wir829gw-lte-vz-ak9meraki_mr34catalyst_9115_apip_phone_8832_firmwarewebex_room_70_dual_g2_firmwareac_8265proset_ac_3168catalyst_9105_firmwareir829gw-lte-ga-sk9proset_wi-fi_6e_ax210_firmwarecatalyst_9115axeip_phone_8861windows_rt_8.1catalyst_9117_firmwarewebex_room_kit_mini_firmwarewebex_room_70_single_firmwareip_phone_8821c-110scalance_wam766-1_firmwarewebex_room_70_singlescalance_w738-1_firmwarecatalyst_9130_ap_firmwarecatalyst_9117_apir829gw-lte-ga-ek9proset_ac_9461scalance_w761-1_firmwarewindows_8.1meraki_mr53e_firmwaremeraki_mx68cw_firmwarescalance_w1788-2ia_firmwareir829gw-lte-ga-ek9_firmwaremeraki_mr76webex_room_55_dual_firmwaremeraki_mr66_firmwarecatalyst_9120axp_firmwarec-235_firmwarewebex_board_55catalyst_9124axic-235meraki_mr46c-65aironet_1810w_firmwareaironet_1800i_firmwarescalance_w1788-1_firmwarewebex_room_70_single_g2_firmwarecatalyst_9105c-250scalance_w786-2catalyst_9120aironet_1810wscalance_w721-1meraki_z3cscalance_w786-1_firmwarew-68aironet_iw3702_firmwarewebex_room_55_firmwaremeraki_mx67cw_firmwareir829gw-lte-vz-ak9_firmwaremeraki_mx68w_firmware1100-4paironet_1810meraki_gr60meraki_mr36_firmwaremeraki_mr53eir829gw-lte-na-ak9_firmwarecatalyst_9115axi_firmwarescalance_w722-1_firmwareaironet_1542iwebex_dx80_firmwareir829gw-lte-ga-ck9_firmwarescalance_wum763-1_firmwaren/aSCALANCE W786-2 SFPSCALANCE WAM763-1SCALANCE W1748-1 M12SCALANCE W788-1 RJ45SCALANCE W734-1 RJ45 (USA)SCALANCE W738-1 M12SCALANCE W1788-2 EEC M12SCALANCE W1788-1 M12SCALANCE W1788-2IA M12SCALANCE W774-1 RJ45SCALANCE W786-2 RJ45SCALANCE WUM766-1SCALANCE W788-2 M12SCALANCE WAM766-1 (US)SCALANCE WAM766-1 EEC (US)SCALANCE W778-1 M12 EEC (USA)SCALANCE W788-1 M12SCALANCE W721-1 RJ45SCALANCE W786-2IA RJ45SCALANCE W748-1 RJ45SCALANCE W788-2 RJ45SCALANCE W788-2 M12 EECSCALANCE W1750D (ROW)SCALANCE WUM763-1SCALANCE W734-1 RJ45SCALANCE W1788-2 M12SCALANCE W748-1 M12SCALANCE W786-1 RJ45SCALANCE W1750D (USA)SCALANCE W774-1 M12 EECSCALANCE W722-1 RJ45SCALANCE W1750D (JP)SCALANCE W774-1 RJ45 (USA)SCALANCE W778-1 M12SCALANCE WAM766-1 EECSCALANCE WUM766-1 (USA)SCALANCE W778-1 M12 EECSCALANCE WAM766-1SCALANCE W761-1 RJ45
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2023-29256
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.69%
||
7 Day CHG~0.00%
Published-09 Jul, 2023 | 23:27
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 information disclosure

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-17017
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-7.41% / 91.84%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:48
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Foundation 2010 Service Pack 2
CVE-2020-16979
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-7.41% / 91.84%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 06:47
Updated-10 Sep, 2024 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CVE-2023-37244
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.98%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 13:21
Updated-22 Jul, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in N-Able's AutomationManagerAgent

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0

Action-Not Available
Vendor-n-ableN-Ablen-ableMicrosoft Corporation
Product-automation_managerwindowsAutomationManagerAgentautomation_manager_agent
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-17120
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-12.69% / 94.09%
||
7 Day CHG~0.00%
Published-09 Dec, 2020 | 23:36
Updated-28 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Foundation 2010 Service Pack 2Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Server 2019
CVE-2025-47997
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.29%
||
7 Day CHG+0.07%
Published-09 Sep, 2025 | 17:01
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Information Disclosure Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2017sql_server_2016sql_server_2019sql_server_2022Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2022 (CU 20)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-35373
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 68.95%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mono Authenticode Validation Spoofing Vulnerability

Mono Authenticode Validation Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-monoMono 6.12.0
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-40482
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.72% / 88.15%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:27
Updated-04 Aug, 2024 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019
CVE-2021-31173
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-5.18% / 90.04%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-28 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_foundationsharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-27052
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-17.10% / 95.10%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:46
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016
CVE-2026-46544
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.33%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 21:53
Updated-28 May, 2026 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft UFO reuses client-supplied WebSocket session IDs and replays stale task results to new authenticated requesters

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied session_id values in WebSocket task messages and reuses an existing in-memory session object if that session_id already exists. If a prior session has completed and remains in memory with populated results, a different authenticated client can send a new TASK message using the same session_id. The server re-enters the existing session object and sends the stale stored result to the new requester through the normal send_task_end() callback path. This is an authenticated cross-client stale result replay issue. The issue requires that the attacker knows or can predict a live or recently completed session_id.

Action-Not Available
Vendor-Microsoft Corporation
Product-UFO
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-49783
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.24%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 18:36
Updated-24 Aug, 2025 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kernelwindowsopenpages_with_watsonOpenPages with Watson
CWE ID-CWE-329
Generation of Predictable IV with CBC Mode
CVE-2024-49784
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 18:35
Updated-24 Aug, 2025 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages with Watson information disclosure

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kernelwindowsopenpages_with_watsonOpenPages with Watson
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2021-24071
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-17.10% / 95.10%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Information Disclosure Vulnerability

Microsoft SharePoint Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Foundation 2010 Service Pack 2
CVE-2021-1724
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.95% / 76.65%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365_business_centraldynamics_navMicrosoft Dynamics 365 Business Central 2020 Release Wave 1Microsoft Dynamics NAV 2017Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)Microsoft Dynamics NAV 2015Microsoft Dynamics NAV 2016Microsoft Dynamics 365 Business Central 2020 Release Wave 2Microsoft Dynamics NAV 2018
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-43186
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.40%
||
7 Day CHG~0.00%
Published-28 Mar, 2025 | 23:49
Updated-01 Sep, 2025 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.

Action-Not Available
Vendor-Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-windowsinfosphere_information_serverlinux_kernelaixInfoSphere Information Server
CWE ID-CWE-256
Plaintext Storage of a Password
Details not found