This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the System.Workflow.ComponentModel.Compiler.WorkflowCompilerInternal class. This class allows an malicious user to specify a path to an arbitrary workflow definition file. An attacker can leverage this vulnerability to execute code in the context of the web service account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft sharepoint foundation 2013 |
||
microsoft sharepoint enterprise server 2016 |
||
microsoft sharepoint server 2019 |