PT-2023-12452 · Unknown · Onlyoffice

Iain Wallace

·

Publicado

2023-01-23

·

Atualizado

2025-04-02

·

CVE-2021-43448

CVSS v3.1

5.3

Média

VetorAV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions ONLYOFFICE all versions as of 2021-11-08
Description The issue is related to Improper Input Validation, which can be exploited if the document id is known, allowing an attacker to spoof user names who interact with a document.
Recommendations For all versions as of 2021-11-08, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2021-43448

Produtos afetados

Onlyoffice