6.5

CVE-2023-36761

Warnung

Microsoft Word Information Disclosure Vulnerability

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft365 Apps Version- SwEditionenterprise HwPlatformx64
Microsoft365 Apps Version- SwEditionenterprise HwPlatformx86
MicrosoftOffice Version2019 HwPlatformx64
MicrosoftOffice Version2019 HwPlatformx86
MicrosoftOffice Long Term Servicing Channel Version2021 HwPlatformx64
MicrosoftOffice Long Term Servicing Channel Version2021 HwPlatformx86
MicrosoftWord Version2013 Updatesp1 HwPlatformx64
MicrosoftWord Version2013 Updatesp1 HwPlatformx86
MicrosoftWord Version2013 Updatesp1 SwEditionrt
MicrosoftWord Version2016 HwPlatformx64
MicrosoftWord Version2016 HwPlatformx86

12.09.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Word Information Disclosure Vulnerability

Schwachstelle

Microsoft Word contains an unspecified vulnerability that allows for information disclosure.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.71% 0.875
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
secure@microsoft.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.