CVE-2022-21840 - Vulnerability Details

Vendors	Products
Microsoft	Excel Office Office Online Server Office Web Apps Sharepoint Enterprise Server Sharepoint Server

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:microsoft:365_apps:-::::enterprise::: cpe:2.3:a:microsoft:excel:2013:sp1:::rt:::* cpe:2.3:a:microsoft:office:2019:::::::* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::::* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::macos:: cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:::::: cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1::::::
Vendors & Products	Microsoft 365 Apps Microsoft office Long Term Servicing Channel Microsoft office Web Apps Server Microsoft sharepoint Foundation

Type	Values Removed	Values Added
References		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840

Type	Values Removed	Values Added
References	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840

Type	Values Removed	Values Added
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840

Show plain JSON

{"containers": {"cna": {"title": "Microsoft Office Remote Code Execution Vulnerability", "datePublic": "2022-01-11T08:00:00+00:00", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.5266.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.5415.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.10382.20004"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.0.0", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.57.22011101"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "16.0.10382.20004"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "16.57.22011101"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.14326.20714"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.14326.20714"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.5266.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.5266.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:excel:*:sp1:*:*:rt:*:*:*", "versionStartIncluding": "15.0.0.0", "versionEndExcluding": "15.0.5415.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:*:sp1:*:*:rt:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.5415.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:*", "versionStartIncluding": "15.0.1", "versionEndExcluding": "15.0.5415.1000"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.5415.1000"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2016", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.5266.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Enterprise Server 2013 Service Pack 1", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "15.0.5415.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.10382.20004", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office 2019", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "19.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office 2019 for Mac", "platforms": ["Unknown"], "versions": [{"version": "16.0.0", "lessThan": "16.57.22011101", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office Online Server", "platforms": ["Unknown"], "versions": [{"version": "16.0.1", "lessThan": "16.0.10382.20004", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC for Mac 2021", "platforms": ["Unknown"], "versions": [{"version": "16.0.1", "lessThan": "16.57.22011101", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2021", "platforms": ["x64-based Systems", "32-bit Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Server Subscription Edition", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.14326.20714", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "SharePoint Server Subscription Edition Language Pack", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.14326.20714", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Excel 2016", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0.0", "lessThan": "16.0.5266.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office 2016", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.5266.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Excel 2013 Service Pack 1", "platforms": ["ARM64-based Systems", "32-bit Systems", "x64-based Systems"], "versions": [{"version": "15.0.0.0", "lessThan": "15.0.5415.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office 2013 Service Pack 1", "platforms": ["ARM64-based Systems", "32-bit Systems", "x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "15.0.5415.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office Web Apps Server 2013 Service Pack 1", "platforms": ["Unknown"], "versions": [{"version": "15.0.1", "lessThan": "15.0.5415.1000", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SharePoint Foundation 2013 Service Pack 1", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "15.0.5415.1000", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Office Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-02T18:22:52.048Z"}, "references": [{"name": "Microsoft Office Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:36.406Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2022-21840", "datePublished": "2022-01-11T20:22:19", "dateReserved": "2021-12-14T00:00:00", "dateUpdated": "2025-01-02T18:22:52.048Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

title : Microsoft Office Remote Code Execution Vulnerability (string)

datePublic : 2022-01-11T08:00:00+00:00 (string)

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:* (string)

versionStartIncluding : 16.0.0 (string)

versionEndExcluding : 16.0.5266.1000 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sharepoint_server:*:sp1:*:*:enterprise:*:*:* (string)

versionStartIncluding : 15.0.0 (string)

versionEndExcluding : 15.0.5415.1000 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 16.0.0 (string)

versionEndExcluding : 16.0.10382.20004 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 19.0.0 (string)

versionEndExcluding : https://aka.ms/OfficeSecurityReleases (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:office:*:*:*:*:*:macos:*:* (string)

versionStartIncluding : 16.0.0 (string)

versionEndExcluding : 16.57.22011101 (string)

}

5 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 16.0.1 (string)

versionEndExcluding : 16.0.10382.20004 (string)

}

6 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:* (string)

versionStartIncluding : 16.0.1 (string)

versionEndExcluding : https://aka.ms/OfficeSecurityReleases (string)

}

7 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:macos:*:* (string)

versionStartIncluding : 16.0.1 (string)

versionEndExcluding : 16.57.22011101 (string)

}

8 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 16.0.1 (string)

versionEndExcluding : https://aka.ms/OfficeSecurityReleases (string)

}

9 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:* (string)

versionStartIncluding : 16.0.0 (string)

versionEndExcluding : 16.0.14326.20714 (string)

}

10 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sharepoint_server:*:language_pack:*:*:subscription:*:*:* (string)

versionStartIncluding : 16.0.0 (string)

versionEndExcluding : 16.0.14326.20714 (string)

}

11 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:x86:* (string)

versionStartIncluding : 16.0.0.0 (string)

versionEndExcluding : 16.0.5266.1000 (string)

}

12 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:office:*:*:*:*:*:*:x86:* (string)

versionStartIncluding : 16.0.0 (string)

versionEndExcluding : 16.0.5266.1000 (string)

}

13 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:excel:*:sp1:*:*:rt:*:*:* (string)

versionStartIncluding : 15.0.0.0 (string)

versionEndExcluding : 15.0.5415.1000 (string)

}

14 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:office:*:sp1:*:*:rt:*:*:* (string)

versionStartIncluding : 15.0.0 (string)

versionEndExcluding : 15.0.5415.1000 (string)

}

15 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:office_web_apps_server:*:sp1:*:*:*:*:*:* (string)

versionStartIncluding : 15.0.1 (string)

versionEndExcluding : 15.0.5415.1000 (string)

}

16 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:sharepoint_foundation:*:sp1:*:*:*:*:*:* (string)

versionStartIncluding : 15.0.0 (string)

versionEndExcluding : 15.0.5415.1000 (string)

}

]

}

]

}

]

affected : [ »

0 : { »

vendor : Microsoft (string)

product : Microsoft SharePoint Enterprise Server 2016 (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.0 (string)

lessThan : 16.0.5266.1000 (string)

versionType : custom (string)

status : affected (string)

}

]

}

1 : { »

vendor : Microsoft (string)

product : Microsoft SharePoint Enterprise Server 2013 Service Pack 1 (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 15.0.0 (string)

lessThan : 15.0.5415.1000 (string)

versionType : custom (string)

status : affected (string)

}

]

}

2 : { »

vendor : Microsoft (string)

product : Microsoft SharePoint Server 2019 (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.0 (string)

lessThan : 16.0.10382.20004 (string)

versionType : custom (string)

status : affected (string)

}

]

}

3 : { »

vendor : Microsoft (string)

product : Microsoft Office 2019 (string)

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 19.0.0 (string)

lessThan : https://aka.ms/OfficeSecurityReleases (string)

versionType : custom (string)

status : affected (string)

}

]

}

4 : { »

vendor : Microsoft (string)

product : Microsoft Office 2019 for Mac (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 16.0.0 (string)

lessThan : 16.57.22011101 (string)

versionType : custom (string)

status : affected (string)

}

]

}

5 : { »

vendor : Microsoft (string)

product : Microsoft Office Online Server (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 16.0.1 (string)

lessThan : 16.0.10382.20004 (string)

versionType : custom (string)

status : affected (string)

}

]

}

6 : { »

vendor : Microsoft (string)

product : Microsoft 365 Apps for Enterprise (string)

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.1 (string)

lessThan : https://aka.ms/OfficeSecurityReleases (string)

versionType : custom (string)

status : affected (string)

}

]

}

7 : { »

vendor : Microsoft (string)

product : Microsoft Office LTSC for Mac 2021 (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 16.0.1 (string)

lessThan : 16.57.22011101 (string)

versionType : custom (string)

status : affected (string)

}

]

}

8 : { »

vendor : Microsoft (string)

product : Microsoft Office LTSC 2021 (string)

platforms : [ »

0 : x64-based Systems (string)

1 : 32-bit Systems (string)

]

versions : [ »

0 : { »

version : 16.0.1 (string)

lessThan : https://aka.ms/OfficeSecurityReleases (string)

versionType : custom (string)

status : affected (string)

}

]

}

9 : { »

vendor : Microsoft (string)

product : Microsoft SharePoint Server Subscription Edition (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.0 (string)

lessThan : 16.0.14326.20714 (string)

versionType : custom (string)

status : affected (string)

}

]

}

10 : { »

vendor : Microsoft (string)

product : SharePoint Server Subscription Edition Language Pack (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.0 (string)

lessThan : 16.0.14326.20714 (string)

versionType : custom (string)

status : affected (string)

}

]

}

11 : { »

vendor : Microsoft (string)

product : Microsoft Excel 2016 (string)

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.0.0 (string)

lessThan : 16.0.5266.1000 (string)

versionType : custom (string)

status : affected (string)

}

]

}

12 : { »

vendor : Microsoft (string)

product : Microsoft Office 2016 (string)

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.0 (string)

lessThan : 16.0.5266.1000 (string)

versionType : custom (string)

status : affected (string)

}

]

}

13 : { »

vendor : Microsoft (string)

product : Microsoft Excel 2013 Service Pack 1 (string)

platforms : [ »

0 : ARM64-based Systems (string)

1 : 32-bit Systems (string)

2 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 15.0.0.0 (string)

lessThan : 15.0.5415.1000 (string)

versionType : custom (string)

status : affected (string)

}

]

}

14 : { »

vendor : Microsoft (string)

product : Microsoft Office 2013 Service Pack 1 (string)

platforms : [ »

0 : ARM64-based Systems (string)

1 : 32-bit Systems (string)

2 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 15.0.0 (string)

lessThan : 15.0.5415.1000 (string)

versionType : custom (string)

status : affected (string)

}

]

}

15 : { »

vendor : Microsoft (string)

product : Microsoft Office Web Apps Server 2013 Service Pack 1 (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 15.0.1 (string)

lessThan : 15.0.5415.1000 (string)

versionType : custom (string)

status : affected (string)

}

]

}

16 : { »

vendor : Microsoft (string)

product : Microsoft SharePoint Foundation 2013 Service Pack 1 (string)

platforms : [ »

0 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 15.0.0 (string)

lessThan : 15.0.5415.1000 (string)

versionType : custom (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

value : Microsoft Office Remote Code Execution Vulnerability (string)

lang : en-US (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Remote Code Execution (string)

lang : en-US (string)

type : Impact (string)

}

]

}

]

providerMetadata : { »

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

dateUpdated : 2025-01-02T18:22:52.048Z (string)

}

references : [ »

0 : { »

name : Microsoft Office Remote Code Execution Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840 (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en-US (string)

value : GENERAL (string)

}

]

cvssV3_1 : { »

version : 3.1 (string)

baseSeverity : HIGH (string)

baseScore : 8.8 (number)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T02:53:36.406Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2022-21840 (string)

datePublished : 2022-01-11T20:22:19 (string)

dateReserved : 2021-12-14T00:00:00 (string)

dateUpdated : 2025-01-02T18:22:52.048Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*", "matchCriteriaId": "48B20360-1A85-4A6A-BA03-0B62C97CCB0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*", "matchCriteriaId": "E8426C4D-C00D-44C2-B072-9D600C8B9543", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", "matchCriteriaId": "CD88F667-6773-4DB7-B6C3-9C7B769C0808", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", "matchCriteriaId": "B342EF98-B414-44D0-BAFB-FCA24294EECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*", "matchCriteriaId": "24DD7E07-4BB1-4914-9CDE-5A27A9A3920E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*", "matchCriteriaId": "ADA0E394-3B5E-4C34-955B-EAB645A37518", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "matchCriteriaId": "F7DDFFB8-2337-4DD7-8120-56CC8EF134B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*", "matchCriteriaId": "72324216-4EB3-4243-A007-FEF3133C7DF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*", "matchCriteriaId": "0FBB0E61-7997-4F26-9C07-54912D3F1C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", "matchCriteriaId": "40961B9E-80B6-42E0-A876-58B3CE056E4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*", "matchCriteriaId": "1AC0C23F-FC55-4DA1-8527-EB4432038FB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*", "matchCriteriaId": "A719B461-7869-46D0-9300-D0A348DC26A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*", "matchCriteriaId": "0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "E98AE986-FA31-4301-8025-E8915BA4AC5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "B3C3FC9A-D8E5-493A-A575-C831A9A28815", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "A5D3A185-BE57-403E-914E-FDECEC3A477C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", "matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:*", "matchCriteriaId": "FA51E2C8-321F-454B-A9C1-060885C1F892", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:*", "matchCriteriaId": "157CBD57-8A1B-4B57-8371-88EF4254A663", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Office Remote Code Execution Vulnerability"}, {"lang": "es", "value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de Microsoft Office"}], "id": "CVE-2022-21840", "lastModified": "2024-11-21T06:45:32.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-11T21:15:09.483", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:* (string)

matchCriteriaId : 48B20360-1A85-4A6A-BA03-0B62C97CCB0C (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:* (string)

matchCriteriaId : E8426C4D-C00D-44C2-B072-9D600C8B9543 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:* (string)

matchCriteriaId : CD88F667-6773-4DB7-B6C3-9C7B769C0808 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:* (string)

matchCriteriaId : B342EF98-B414-44D0-BAFB-FCA24294EECE (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:* (string)

matchCriteriaId : 24DD7E07-4BB1-4914-9CDE-5A27A9A3920E (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:* (string)

matchCriteriaId : ADA0E394-3B5E-4C34-955B-EAB645A37518 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:* (string)

matchCriteriaId : F7DDFFB8-2337-4DD7-8120-56CC8EF134B4 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:* (string)

matchCriteriaId : 72324216-4EB3-4243-A007-FEF3133C7DF9 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:* (string)

matchCriteriaId : 0FBB0E61-7997-4F26-9C07-54912D3F1C10 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:* (string)

matchCriteriaId : CF5DDD09-902E-4881-98D0-CB896333B4AA (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:* (string)

matchCriteriaId : 26A3B226-5D7C-4556-9350-5222DC8EFC2C (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:* (string)

matchCriteriaId : 40961B9E-80B6-42E0-A876-58B3CE056E4E (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:* (string)

matchCriteriaId : 1AC0C23F-FC55-4DA1-8527-EB4432038FB0 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:* (string)

matchCriteriaId : A719B461-7869-46D0-9300-D0A348DC26A5 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:* (string)

matchCriteriaId : 0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E98AE986-FA31-4301-8025-E8915BA4AC5E (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:microsoft:office_web_apps:2013:sp1:*:*:*:*:*:* (string)

matchCriteriaId : B3C3FC9A-D8E5-493A-A575-C831A9A28815 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:microsoft:sharepoint_enterprise_server:2013:sp1:*:*:*:*:*:* (string)

matchCriteriaId : A5D3A185-BE57-403E-914E-FDECEC3A477C (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:* (string)

matchCriteriaId : AC8BB33F-44C4-41FE-8B17-68E3C4B38142 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:microsoft:sharepoint_server:-:language_pack:*:*:subscription:*:*:* (string)

matchCriteriaId : FA51E2C8-321F-454B-A9C1-060885C1F892 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:*:*:enterprise:*:*:* (string)

matchCriteriaId : 157CBD57-8A1B-4B57-8371-88EF4254A663 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : F815EF1D-7B60-47BE-9AC2-2548F99F10E4 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:* (string)

matchCriteriaId : 6122D014-5BF1-4AF4-8B4D-80205ED7785E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Office Remote Code Execution Vulnerability (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de Ejecución de Código Remota de Microsoft Office (string)

}

]

id : CVE-2022-21840 (string)

lastModified : 2024-11-21T06:45:32.493 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : secure@microsoft.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-01-11T21:15:09.483 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object