CVE-2021-43448

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known.
Configurations

Configuration 1 (hide)

cpe:2.3:a:onlyoffice:server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:29

Type Values Removed Values Added
References () https://github.com/ONLYOFFICE/server - Third Party Advisory () https://github.com/ONLYOFFICE/server - Third Party Advisory
References () https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/ - Exploit, Mitigation, Third Party Advisory () https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/ - Exploit, Mitigation, Third Party Advisory
References () https://www.onlyoffice.com/ - Product, Vendor Advisory () https://www.onlyoffice.com/ - Product, Vendor Advisory
Summary
  • (es) Todas las versiones de ONLYOFFICE con fecha posterior al 08/11/2021 son vulnerables a una validación de entrada incorrecta. La falta de validación de entrada puede permitir que un atacante falsifique los nombres de los usuarios que interactúan con un documento, si se conoce la identificación del documento.

Information

Published : 2023-01-23 15:15

Updated : 2024-11-21 06:29


NVD link : CVE-2021-43448

Mitre link : CVE-2021-43448

CVE.ORG link : CVE-2021-43448


JSON object : View

Products Affected

onlyoffice

  • server
CWE
CWE-20

Improper Input Validation