CVE-2021-42294: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-42294) was disclosed in December 2021. This vulnerability affects multiple versions of SharePoint Server including SharePoint Enterprise Server 2013 SP1, SharePoint Server 2016, SharePoint Foundation 2013 SP1, SharePoint Server Subscription Edition, and SharePoint Server 2019 (NVD).

The vulnerability received a CVSS v3.1 base score of 7.2 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. Under CVSS v2.0, it was rated as 6.5 (Medium) with the vector (AV:N/AC:L/Au:S/C:P/I:P/A:P) (NVD).

This vulnerability could allow remote code execution on affected SharePoint Server installations. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the affected systems (Microsoft Support).

Microsoft released security updates to address this vulnerability in December 2021. The fixes are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For SharePoint Server Subscription Edition, the update is KB5002045, and for SharePoint Server 2019 Language Pack, the update is KB5002061 (Microsoft Support).