CVE-2021-28474: 
vulnerability analysis and mitigation

CVE-2021-28474 is a remote code execution vulnerability in Microsoft SharePoint Server that was disclosed on May 11, 2021. The vulnerability affects multiple versions of SharePoint, including SharePoint Foundation 2013 SP1, SharePoint Server 2016 Enterprise, and SharePoint Server 2019. This security flaw received a CVSS v3.1 base score of 8.8 (HIGH) (ZDI Advisory).

The vulnerability exists within the handling of server-side controls in SharePoint Server. The specific flaw occurs when processing non-canonical strings for server-side controls, which can lead to the instantiation of unsafe server-side controls. The vulnerability is classified under CWE-436 (Interpretation Conflict) and requires authentication to exploit (ZDI Advisory, NVD).

If successfully exploited, this vulnerability allows authenticated remote attackers to execute arbitrary code in the context of the service account on affected SharePoint Server installations. This could lead to complete compromise of the affected system with the same privileges as the SharePoint service account (ZDI Advisory).

Microsoft has released security updates to address this vulnerability. Organizations running affected versions of SharePoint Server should apply the relevant security patches provided through Microsoft's May 2021 security updates (NVD).