Vulnerability Details CVE-2021-43447
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.9%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/ONLYOFFICE/server
- https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/
- https://www.onlyoffice.com/
- https://github.com/ONLYOFFICE/server
- https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/
- https://www.onlyoffice.com/
Products affected by CVE-2021-43447
-
cpe:2.3:a:onlyoffice:server:7.0.0.49