What is CVE-2021-40487?

CVE-2021-40487 is a high-severity remote code execution vulnerability in Microsoft SharePoint Server. Organizations should prioritize patching to mitigate potential exploitation risks.

What is the severity of CVE-2021-40487?

CVE-2021-40487 has a severity rating of HIGH with a CVSS base score of 8.1.

CVE-2021-40487 | High Vulnerability in Microsoft SharePoint Server

CVE-2021-40487 is a high-severity vulnerability that affects Microsoft SharePoint Server, specifically enabling remote code execution. This vulnerability allows attackers to exploit the system by sending specially crafted requests, resulting in the execution of arbitrary code on the affected server. The CVSS score of 8.1 reflects the potential impact and the ease of exploitation, making it critical for organizations to address this vulnerability.

The risk to organizations includes unauthorized access to sensitive data and potential control over affected systems. Given that the attack vector is network-based and requires low privileges, attackers may leverage this vulnerability to gain significant access without needing extensive resources or capabilities.

Although no public exploits have been confirmed, the high CVSS score indicates that organizations should prioritize patching immediately. It is essential to ensure that all SharePoint installations are updated to the latest versions to mitigate risks associated with this vulnerability.

Organizations using SharePoint products should be aware of the urgency of this vulnerability and take necessary actions to protect their systems.

Vulnerability Details

This vulnerability allows remote code execution in Microsoft SharePoint Server. The vulnerability has a CVSS score of 8.1, indicating high severity, and is classified under CWE-94 (Code Injection). The affected products include SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, and SharePoint Server 2019. The vulnerability was published on October 13, 2021.

Technical Analysis

The root cause of this vulnerability stems from improper handling of user input in SharePoint Server. Attackers may exploit this issue via a network attack, which requires low attack complexity and low privileges. User interaction is not required for successful exploitation, leading to a significant confidentiality and integrity impact due to the potential for executing arbitrary code.

Risk & Impact Analysis

Real-world deployment of vulnerable SharePoint Server versions poses a high risk to organizations. The blast radius is substantial, as successful exploitation can lead to unauthorized access to sensitive data and control over critical infrastructure. Organizations need to assess their exposure and prioritize remediation efforts based on the CVSS score and potential exploitability.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions of Microsoft SharePoint Server are affected: SharePoint Enterprise Server 2016, SharePoint Foundation 2013 (SP1), and SharePoint Server 2019. Organizations should ensure that they are running patched versions to address this vulnerability.

Mitigation & Remediation

To mitigate the risk associated with CVE-2021-40487, organizations should apply available patches provided by Microsoft. The relevant security updates for affected SharePoint versions can be found in the Microsoft Security Update Guide. Organizations should prioritize this vulnerability in their patch management cycle.

Detection Guidance

Organizations should monitor system logs for unusual activity that may indicate attempts to exploit this vulnerability. Behavioral anomalies in network traffic to SharePoint servers should be investigated promptly.

AppSecure Threat Intelligence Insight

CVE-2021-40487 illustrates the ongoing risk associated with remote code execution vulnerabilities in widely used software like Microsoft SharePoint. Security teams should adopt a proactive approach to vulnerability management and prioritize patching efforts. For further guidance, organizations can refer to our vulnerability management program resources to ensure robust security postures.

Additionally, organizations should consider implementing comprehensive security testing practices, such as penetration testing, to identify and address vulnerabilities before they can be exploited.

In conclusion, continuous monitoring of vulnerabilities and the implementation of effective mitigation strategies are crucial to safeguarding against potential threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-40487: High Vulnerability in Microsoft SharePoint Server