18 matches found
CVE-2021-43445
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...
PT-2023-12452 · Unknown · Onlyoffice
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE all versions as of 2021-11-08 Description: The issue is related to Improper Input Validation, which can be exploited if the document id is known, allowing an attacker to spoof user names who interact with a document. Recommendation...
PT-2023-12453 · Unknown · Onlyoffice
Name of the Vulnerable Software and Affected Versions: ONLYOFFICE all versions as of 2021-11-08 Description: The issue allows for Server-Side Request Forgery SSRF, where the document editor service can be exploited to read and serve arbitrary URLs as a document. Recommendations: For all versions ...
CVE-2021-43444
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key...
ONLYOFFICE 代码问题漏洞
Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from susceptibility to server-side request forgery SSRF attacks. The Document Editor service can be misused to read arbitrary...
CVE-2020-4153
creationtimestamp| type| source ---|---|--- 2021-11-08 20:36:09+00:00| seen| https://t.me/cibsecurity/32010...
CVE-2021-40577
creationtimestamp| type| source ---|---|--- 2021-11-08 20:29:33+00:00| seen| https://t.me/cibsecurity/32001...
CVE-2021-29735
creationtimestamp| type| source ---|---|--- 2021-11-08 20:29:31+00:00| seen| https://t.me/cibsecurity/32000...
CVE-2021-24706
creationtimestamp| type| source ---|---|--- 2021-11-08 20:29:07+00:00| seen| https://t.me/cibsecurity/31987...
CVE-2021-42770
creationtimestamp| type| source ---|---|--- 2021-11-08 18:29:04+00:00| seen| https://t.me/cibsecurity/31983...
CVE-2021-28024
creationtimestamp| type| source ---|---|--- 2021-11-08 18:29:02+00:00| seen| https://t.me/cibsecurity/31981...
CVE-2021-32481
creationtimestamp| type| source ---|---|--- 2021-11-08 16:28:38+00:00| seen| https://t.me/cibsecurity/31972...
CVE-2021-22051
creationtimestamp| type| source ---|---|--- 2021-11-08 16:28:33+00:00| seen| https://t.me/cibsecurity/31969...
CVE-2021-29243
creationtimestamp| type| source ---|---|--- 2021-11-08 16:28:32+00:00| seen| https://t.me/cibsecurity/31968...
CVE-2020-1555
creationtimestamp| type| source ---|---|--- 2021-11-08 08:58:19+00:00| seen| MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422...
CVE-2021-42073
creationtimestamp| type| source ---|---|--- 2021-11-08 07:28:32+00:00| seen| https://t.me/cibsecurity/31946...
CVE-2021-31601
creationtimestamp| type| source ---|---|--- 2021-11-08 07:28:31+00:00| seen| https://t.me/cibsecurity/31945...
CVE-2021-26854
creationtimestamp| type| source ---|---|--- 2021-03-03 02:44:45+00:00| seen| https://t.me/cibsecurity/24377 2021-11-08 08:58:19+00:00| seen| MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422...