Lucene search

[email protected]CVE-2020-1322

HistoryJun 09, 2020 - 8:15 p.m.

CVE-2020-1322

2020-06-0920:15:21

CWE-908

CWE-125

[email protected]

web.nvd.nist.gov

cve-2020-1322

microsoft project

information disclosure

vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.9%

JSON

An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka ‘Microsoft Project Information Disclosure Vulnerability’.

Affected configurations

Vulners

NVD

Node

microsoftproject

microsoftoffice

microsoft365_apps

VendorProductVersionCPE
microsoftproject*cpe:2.3:a:microsoft:project:*:*:*:*:*:*:*:*
microsoftproject*cpe:2.3:a:microsoft:project:*:*:*:*:*:*:*:*
microsoftproject*cpe:2.3:a:microsoft:project:*:*:*:*:*:*:*:*
microsoftproject*cpe:2.3:a:microsoft:project:*:*:*:*:*:*:*:*
microsoftproject*cpe:2.3:a:microsoft:project:*:*:*:*:*:*:*:*
microsoftproject*cpe:2.3:a:microsoft:project:*:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoftoffice*cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*
microsoft365_apps*cpe:2.3:a:microsoft:365_apps:*:*:*:*:*:*:*:*
microsoft365_apps*cpe:2.3:a:microsoft:365_apps:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	project	*	cpe:2.3:a:microsoft:project::::::::
microsoft	project	*	cpe:2.3:a:microsoft:project::::::::
microsoft	project	*	cpe:2.3:a:microsoft:project::::::::
microsoft	project	*	cpe:2.3:a:microsoft:project::::::::
microsoft	project	*	cpe:2.3:a:microsoft:project::::::::
microsoft	project	*	cpe:2.3:a:microsoft:project::::::::
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	office	*	cpe:2.3:a:microsoft:office::::::::
microsoft	365_apps	*	cpe:2.3:a:microsoft:365_apps::::::::
microsoft	365_apps	*	cpe:2.3:a:microsoft:365_apps::::::::

CNA Affected

[
  {
    "product": "Microsoft Project",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2013 Service Pack 1 (32-bit editions)"
      },
      {
        "status": "affected",
        "version": "2013 Service Pack 1 (64-bit editions)"
      },
      {
        "status": "affected",
        "version": "2016 (32-bit edition)"
      },
      {
        "status": "affected",
        "version": "2016 (64-bit edition)"
      },
      {
        "status": "affected",
        "version": "2010 Service Pack 2 (32-bit editions)"
      },
      {
        "status": "affected",
        "version": "2010 Service Pack 2 (64-bit editions)"
      }
    ]
  },
  {
    "product": "Microsoft Office",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2019 for 32-bit editions"
      },
      {
        "status": "affected",
        "version": "2019 for 64-bit editions"
      }
    ]
  },
  {
    "product": "Microsoft 365 Apps for Enterprise for 64-bit Systems",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Microsoft 365 Apps for Enterprise for 32-bit Systems",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]