cvelistv5 - CVE-2022-21840

CVE-2022-21840

Vulnerability from cvelistv5

Published

2022-01-11 20:22

Modified

2024-11-14 20:07

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft Office Remote Code Execution Vulnerability

References

▼	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SharePoint Enterprise Server 2016
	Microsoft	Microsoft SharePoint Enterprise Server 2013 Service Pack 1
	Microsoft	Microsoft SharePoint Server 2019
	Microsoft	Microsoft Office 2019
	Microsoft	Microsoft Office 2019 for Mac
	Microsoft	Microsoft Office Online Server
	Microsoft	Microsoft 365 Apps for Enterprise
	Microsoft	Microsoft Office LTSC for Mac 2021
	Microsoft	Microsoft Office LTSC 2021
	Microsoft	Microsoft SharePoint Server Subscription Edition
	Microsoft	SharePoint Server Subscription Edition Language Pack
	Microsoft	Microsoft Excel 2016
	Microsoft	Microsoft Office 2016
	Microsoft	Microsoft Excel 2013 Service Pack 1
	Microsoft	Microsoft Office 2013 Service Pack 1
	Microsoft	Microsoft Office Web Apps Server 2013 Service Pack 1
	Microsoft	Microsoft SharePoint Foundation 2013 Service Pack 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:53:36.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5266.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5415.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10382.20004",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office 2019 for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.57.22011101",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office Online Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.10382.20004",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office LTSC for Mac 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.57.22011101",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems",
            "32-bit Systems"
          ],
          "product": "Microsoft Office LTSC 2021",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Server Subscription Edition",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.14326.20714",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "SharePoint Server Subscription Edition Language Pack",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.14326.20714",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
            "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5266.1000",
              "status": "affected",
              "version": "16.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
            "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.5266.1000",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "16.0.5266.1001",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
            "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*",
            "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*"
          ],
          "platforms": [
            "ARM64-based Systems",
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Excel 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5415.1000",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
            "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*",
            "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*"
          ],
          "platforms": [
            "ARM64-based Systems",
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5415.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.0.5415.1001",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Office Web Apps Server 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5415.1000",
              "status": "affected",
              "version": "15.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.5415.1000",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-01-11T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-14T20:07:22.252Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Office Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840"
        }
      ],
      "title": "Microsoft Office Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-21840",
    "datePublished": "2022-01-11T20:22:19",
    "dateReserved": "2021-12-14T00:00:00",
    "dateUpdated": "2024-11-14T20:07:22.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-21840\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2022-01-11T21:15:09.483\",\"lastModified\":\"2024-11-14T21:15:08.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Office Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de Microsoft Office\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"48B20360-1A85-4A6A-BA03-0B62C97CCB0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*\",\"matchCriteriaId\":\"E8426C4D-C00D-44C2-B072-9D600C8B9543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"CD88F667-6773-4DB7-B6C3-9C7B769C0808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"B342EF98-B414-44D0-BAFB-FCA24294EECE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"24DD7E07-4BB1-4914-9CDE-5A27A9A3920E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*\",\"matchCriteriaId\":\"ADA0E394-3B5E-4C34-955B-EAB645A37518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*\",\"matchCriteriaId\":\"F7DDFFB8-2337-4DD7-8120-56CC8EF134B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"72324216-4EB3-4243-A007-FEF3133C7DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"0FBB0E61-7997-4F26-9C07-54912D3F1C10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"CF5DDD09-902E-4881-98D0-CB896333B4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"26A3B226-5D7C-4556-9350-5222DC8EFC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*\",\"matchCriteriaId\":\"40961B9E-80B6-42E0-A876-58B3CE056E4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*\",\"matchCriteriaId\":\"1AC0C23F-FC55-4DA1-8527-EB4432038FB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*\",\"matchCriteriaId\":\"A719B461-7869-46D0-9300-D0A348DC26A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*\",\"matchCriteriaId\":\"0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E98AE986-FA31-4301-8025-E8915BA4AC5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3C3FC9A-D8E5-493A-A575-C831A9A28815\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D3A185-BE57-403E-914E-FDECEC3A477C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*\",\"matchCriteriaId\":\"AC8BB33F-44C4-41FE-8B17-68E3C4B38142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*\",\"matchCriteriaId\":\"FA51E2C8-321F-454B-A9C1-060885C1F892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"157CBD57-8A1B-4B57-8371-88EF4254A663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"F815EF1D-7B60-47BE-9AC2-2548F99F10E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6122D014-5BF1-4AF4-8B4D-80205ED7785E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840\",\"source\":\"secure@microsoft.com\"}]}}"
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-21840

Vulnerability from cvelistv5

ghsa-rq4v-w4c3-3h29

Vulnerability from github

gsd-2022-21840

Vulnerability from gsd

Tags

Sightings

Nomenclature