CVE-2021-43447

2023-01-2300:00:00

mitre

www.cve.org

onlyoffice

access control

authentication bypass

document editing

cve-2021-43447

EPSS

0.001

Percentile

37.1%

JSON

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication.

References

github.com/ONLYOFFICE/server

labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/

www.onlyoffice.com/

EPSS

0.001

Percentile

37.1%

JSON

Related for CVELIST:CVE-2021-43447