Lucene search
MicrosoftCVE-2023-35311HistoryJul 11, 2023 - 6:15 p.m.
CVE-2023-35311
2023-07-1118:15:17
CWE-367
microsoft
web.nvd.nist.gov
438
In Wild
cve-2023-35311
microsoft outlook
security
feature bypass
vulnerability
nvd
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
AI Score
8.4
Confidence
High
EPSS
0.603
Percentile
97.8%
Microsoft Outlook Security Feature Bypass Vulnerability
Affected configurations
Node
microsoft365_appsMatch-enterprise
ORmicrosoftofficeMatch2019
ORmicrosoftofficeMatch2021ltsc
ORmicrosoftoutlookMatch2013----
ORmicrosoftoutlookMatch2013sp1rt
ORmicrosoftoutlookMatch2016
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | 365_apps | - | cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* |
| microsoft | office | 2019 | cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
| microsoft | office | 2021 | cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:* |
| microsoft | outlook | 2013 | cpe:2.3:a:microsoft:outlook:2013:-:-:*:-:-:*:* |
| microsoft | outlook | 2013 | cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:* |
| microsoft | outlook | 2016 | cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Microsoft 365 Apps for Enterprise",
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "16.0.1",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Office LTSC 2021",
"cpes": [
"cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "16.0.1",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Office 2019",
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "19.0.0",
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Outlook 2016",
"cpes": [
"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x86:*:*",
"cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x64:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "16.0.0.0",
"lessThan": "16.0.5404.1000",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Outlook 2013",
"cpes": [
"cpe:2.3:a:microsoft:outlook:2013:-:-:*:-:-:x86:*",
"cpe:2.3:a:microsoft:outlook:2013:-:-:*:-:-:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "14.0.0",
"lessThan": "15.0.5571.1000",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Outlook 2013 Service Pack 1",
"cpes": [
"cpe:2.3:a:microsoft:outlook:2013:*:*:*:rt:*:*:*"
],
"platforms": [
"ARM64-based Systems"
],
"versions": [
{
"version": "15.0.0.0",
"lessThan": "15.0.5571.1000",
"versionType": "custom",
"status": "affected"
}
]
}
]Related
prion
prion
Security feature bypass
2023-07-11 18:15:00
nvd
nvd
CVE-2023-35311
2023-07-11 18:15:17
attackerkb
attackerkb
CVE-2023-35311
2023-07-11 00:00:00
mscve
mscve
Microsoft Outlook Security Feature Bypass Vulnerability
2023-07-11 07:00:00
cvelist
cvelist
CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability
2023-07-11 17:03:27
cisa_kev
cisa_kev
Microsoft Outlook Security Feature Bypass Vulnerability
2023-07-11 00:00:00
nessus
nessus
Security Updates for Outlook C2R Multiple Vulnerabilities (July 2023)
2023-07-12 00:00:00
Security Updates for Outlook (July 2023)
2023-07-11 00:00:00
openvas
openvas
Microsoft Outlook 2013 Service Pack 1 Multiple Vulnerabilities (KB5002432)
2023-07-12 00:00:00
Microsoft Outlook 2016 Multiple Vulnerabilities (KB5002427)
2023-07-12 00:00:00
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jul 2023)
2023-07-12 00:00:00
mskb
mskb
thn
thn
krebs
krebs
Apple & Microsoft Patch Tuesday, July 2023 Edition
2023-07-11 22:55:07
malwarebytes
malwarebytes
Update now! Microsoft patches a whopping 130 vulnerabilities
2023-07-12 03:00:00
qualysblog
qualysblog
Evaluate Your Windows Endpoints for Storm-0978 Activity With Qualys Endpoint Security
2023-07-14 20:55:16
Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review
2023-07-11 20:30:33
talosblog
talosblog
kaspersky
kaspersky
KLA50773 Multiple vulnerabilities in Microsoft Office
2023-07-11 00:00:00
avleonov
avleonov
rapid7blog
rapid7blog
Patch Tuesday - July 2023
2023-07-11 21:50:34
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
AI Score
8.4
Confidence
High
EPSS
0.603
Percentile
97.8%
Related for CVE-2023-35311