⚠ Actively exploited
Added to CISA KEV on 2023-10-10. Federal agencies required to patch by 2023-10-31. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..
CVE-2023-36563 — Improper Input Validation in Microsoft Windows 10 Version 1507
Severity
5.5MEDIUMNVD
VulnCheck6.5
EPSS
2.5%
top 14.71%
CISA KEV
KEV
Added 2023-10-10
Due 2023-10-31
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedOct 10
KEV addedOct 10
Latest updateOct 11
KEV dueOct 31
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
Microsoft WordPad Information Disclosure Vulnerability
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6