CVE-2021-40482: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Information Disclosure Vulnerability (CVE-2021-40482) was disclosed and patched as part of Microsoft's October 2021 Patch Tuesday updates. The vulnerability affects Microsoft SharePoint Server 2019 and could potentially lead to unauthorized information disclosure (NVD).

The vulnerability has received varying severity assessments from different sources. Microsoft Corporation assigned it a CVSS v3.1 base score of 5.3 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N, while the NVD assessment rated it at 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

This vulnerability could allow an attacker to access sensitive information on affected SharePoint Server installations. The vulnerability primarily affects the confidentiality of the system, with no direct impact on integrity or availability (NVD).

Microsoft has released a security update to address this vulnerability. The fix is included in the October 2021 security updates for SharePoint Server 2019 (KB5002028). Organizations are advised to apply the security update to affected systems (Microsoft Support).