CVE-2021-31181: 
vulnerability analysis and mitigation

CVE-2021-31181 is a remote code execution vulnerability in Microsoft SharePoint Server that was disclosed on May 11, 2021. The vulnerability exists within the handling of server-side controls in WebParts, where by specifying a control using a non-canonical string, an unsafe server-side control can be instantiated (ZDI Advisory).

The vulnerability has a CVSS score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The specific flaw exists within the handling of server-side controls in WebParts. When an attacker specifies a control using a non-canonical string, it can lead to the instantiation of an unsafe server-side control. Authentication is required to exploit this vulnerability (ZDI Advisory).

A successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. An attacker can leverage this vulnerability to execute code in the context of the service account (ZDI Advisory).

Microsoft has released a security update to address this vulnerability. The fix is included in the May 11, 2021 security update. For SharePoint Foundation 2013, the update is KB5001935 (Microsoft Support).