CVE-2023-21721

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.5MEDIUM

EPSS

6.1%

top 9.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

2

Microsoft Microsoft Onenote FOR Android Microsoft Onenote

Timeline

PublishedFeb 14

Description

Microsoft OneNote Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmicrosoft/onenote< 16.0.16026.20158

▶CVEListV5microsoft/microsoft_onenote_for_android16.0.1 — 16.0.16026.20158

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

1

CVEList

Microsoft OneNote Elevation of Privilege Vulnerability↗2023-02-14

▶

📋Vendor Advisories

1

Microsoft

Microsoft OneNote Elevation of Privilege Vulnerability↗2023-02-14

▶

CVE-2023-21721 (MEDIUM CVSS 6.5) | Microsoft OneNote Elevation of Priv | cvebase.io