CVE-2023-36767

EPSS 0.33%
Published 12.09.2023 17:15:13
Last modified 21.11.2024 08:10:33
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Office Security Feature Bypass Vulnerability

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ 365 Apps Version- SwEditionenterprise

Microsoft ≫ Office Version2013 Updatesp1

Microsoft ≫ Office Version2013 Updatesp1 SwEditionrt

Microsoft ≫ Office Version2016

Microsoft ≫ Office Version2019 SwPlatform-

Microsoft ≫ Office Version2019 SwPlatformmacos

Microsoft ≫ Office Long Term Servicing Channel Version2021

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.547

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
secure@microsoft.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36767

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-36767

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-36767

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-36767

EUVD