CVE-2020-1229
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
EPSS score ?
Summary
A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.
References
▼ | URL | Tags | |
---|---|---|---|
secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1229 | Patch, Vendor Advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:31:59.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Office", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2019 for 32-bit editions" }, { "status": "affected", "version": "2019 for 64-bit editions" }, { "status": "affected", "version": "2019 for Mac" }, { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2016 for Mac" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2013 RT Service Pack 1" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" } ] }, { "product": "Microsoft Word", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "2016 (32-bit edition)" }, { "status": "affected", "version": "2016 (64-bit edition)" }, { "status": "affected", "version": "2010 Service Pack 2 (32-bit editions)" }, { "status": "affected", "version": "2010 Service Pack 2 (64-bit editions)" }, { "status": "affected", "version": "2013 RT Service Pack 1" }, { "status": "affected", "version": "2013 Service Pack 1 (32-bit editions)" }, { "status": "affected", "version": "2013 Service Pack 1 (64-bit editions)" } ] } ], "descriptions": [ { "lang": "en", "value": "A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka \u0027Microsoft Outlook Security Feature Bypass Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Security Feature Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-09T19:43:31", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-1229", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft 365 Apps for Enterprise for 32-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft 365 Apps for Enterprise for 64-bit Systems", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Office", "version": { "version_data": [ { "version_value": "2019 for 32-bit editions" }, { "version_value": "2019 for 64-bit editions" }, { "version_value": "2019 for Mac" }, { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2016 for Mac" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2013 RT Service Pack 1" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" } ] } }, { "product_name": "Microsoft Word", "version": { "version_data": [ { "version_value": "2016 (32-bit edition)" }, { "version_value": "2016 (64-bit edition)" }, { "version_value": "2010 Service Pack 2 (32-bit editions)" }, { "version_value": "2010 Service Pack 2 (64-bit editions)" }, { "version_value": "2013 RT Service Pack 1" }, { "version_value": "2013 Service Pack 1 (32-bit editions)" }, { "version_value": "2013 Service Pack 1 (64-bit editions)" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka \u0027Microsoft Outlook Security Feature Bypass Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Security Feature Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1229", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1229" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1229", "datePublished": "2020-06-09T19:43:31", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:31:59.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-1229\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2020-06-09T20:15:15.350\",\"lastModified\":\"2021-07-21T11:39:23.747\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka \u0027Microsoft Outlook Security Feature Bypass Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en Microsoft Outlook cuando Office presenta un fallo al aplicar unos ajustes de seguridad configurados en un sistema, tambi\u00e9n se conoce como \\\"Microsoft Outlook Security Feature Bypass Vulnerability\\\"\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"40C15EDD-98D4-4D06-BA06-21AE0F33C72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"081DE1E3-4622-4C32-8B9C-9AEC1CD20638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"120690A6-E0A1-4E36-A35A-C87109ECC064\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0B3B0BC-C7C6-4687-AD72-DCA29FF9AE3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:mac_os:*:*\",\"matchCriteriaId\":\"A1A868C4-0A58-4660-9492-1BADD99D8E59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*\",\"matchCriteriaId\":\"C5282C83-86B8-442D-851D-B54E88E8B1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:mac_os:*:*\",\"matchCriteriaId\":\"7996347F-FA43-4665-93AF-8FAA8E720D4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2010:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"24EEDAD9-9656-4B21-82E4-D60B83777492\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2013:sp1:*:*:-:*:*:*\",\"matchCriteriaId\":\"D7A48E44-F01A-40AD-B8AF-8FE368248003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"45E21528-4B0F-4A6F-82AD-DF7FDBF67C8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DA042D4-B14E-4DDF-8423-DFB255679EFE\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1229\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.