{"vulnerability": "CVE-2021-26420", "sightings": [{"uuid": "087c1611-04c1-4529-95c7-ab5b6692e7e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26420", "type": "published-proof-of-concept", "source": "https://t.me/cKure/7565", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2021-26420: Remote Code Execution In Sharepoint Via Workflow Compilation.\n\nhttps://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation", "creation_timestamp": "2021-10-09T23:32:33.000000Z"}, {"uuid": "a6f9c000-369d-4f65-89f0-6d22c2e4852f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26420", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/80", "content": "CVE-2021-26420: Remote Code Execution in Sharepoint via workflow compilation\n\ud83d\udc64 by The ZDI Research Team\n\nIn June of 2021, Microsoft released a patch to correct CVE-2021-26420 \u2013 a remote code execution bug in the supported versions of Microsoft SharePoint Server. This bug was reported to the ZDI program by an anonymous researcher and is also known as ZDI-21-755. This blog takes a deeper look at the root cause of this vulnerability.\nThis vulnerability could be used by an authenticated user to execute arbitrary .NET code on the server in the context and permissions of the service account of a SharePoint web application. For a successful attack, the attacker should have \u201cManage Lists\u201d permissions on any SharePoint site. By default, any authenticated user can create their own site where they have the necessary permissions.\n\n\ud83d\udcdd Contents: \n\u2022 The Vulnerability\n\u2022 Proof of Concept\n\u2022 Achieving Remote Code Execution\n\u2022 Conclusion\n\nhttps://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation", "creation_timestamp": "2021-10-07T08:32:39.000000Z"}, {"uuid": "14fa279c-4557-4502-a335-b2f7101d08d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26420", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4463", "content": "#Threat_Research\nRCE in Microsoft SharePoint via Workflow Compilation (PoC for CVE-2021-26420)\nhttps://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation", "creation_timestamp": "2021-10-07T11:05:05.000000Z"}]}