ioc[.]one - OSINT Cyber Threat Intelligence Database

Zero Day Initiative — CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation

Tags

attack-pattern:

Server - T1583.004 Server - T1584.004 Sharepoint - T1213.002 Web Service - T1481 Web Service - T1102

Show in Graph

Common Information

Type	Value
UUID	d30a1197-4dc7-4226-98ef-ae7b2551820c
Fingerprint	9f4b35020e37ca01
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 5, 2021, midnight
Added to db	Jan. 19, 2023, 12:15 a.m.
Last updated	Nov. 8, 2024, 11:37 a.m.
Headline	CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
Title	Zero Day Initiative — CVE-2021-26420: Remote Code Execution in SharePoint via Workflow Compilation
Detected Hints/Tags/Attributes	26/1/9

Source URLs

	Redirection	Url
Details	Source	http://www.thezdi.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation

URL Provider

Details	Provider	Source level domain
Details	thezdi.com	www.thezdi.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	2		cve-2021-26420
Details	File	70		web.config
Details	File	1		wf02config.xml
Details	File	2		webpartpages.asmx
Details	File	1		sp_soap_rce_poc.exe
Details	File	1		listedit.aspx
Details	File	1		wf02config.txt
Details	File	1		poc_sprce02.txt
Details	TippingPoint Zero Day Initiative	2		ZDI-21-755