CVE-2022-22716

Microsoft Excel Information Disclosure Vulnerability

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22716

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:365_apps:-::::enterprise::x64:*
	cpe:2.3:a:microsoft:365_apps:-::::enterprise::x86:*
	cpe:2.3:a:microsoft:excel:2013:sp1:::::x64:*
	cpe:2.3:a:microsoft:excel:2013:sp1:::::x86:*
	cpe:2.3:a:microsoft:excel:2013:sp1:::rt:::*
	cpe:2.3:a:microsoft:excel:2016::::::x64:
	cpe:2.3:a:microsoft:excel:2016::::::x86:
	cpe:2.3:a:microsoft:office:2019::::::x64:
	cpe:2.3:a:microsoft:office:2019::::::x86:
	cpe:2.3:a:microsoft:office:2019:::::macos::
	cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::::*
	cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::-::
	cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::macos::
	cpe:2.3:a:microsoft:office_online_server:-:::::::*
	cpe:2.3:a:microsoft:office_web_apps:2013:sp1::::::
	cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:::enterprise:::*

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-668~~	CWE-119

29 Jun 2023, 05:15

Type	Values Removed	Values Added
References	{'url': 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22716', 'name': 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22716', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'} {'url': 'https://www.zerodayinitiative.com/advisories/ZDI-22-383/', 'name': 'https://www.zerodayinitiative.com/advisories/ZDI-22-383/', 'tags': ['Third Party Advisory', 'VDB Entry'], 'refsource': 'MISC'}	(MISC) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22716 -
Summary	~~Microsoft Excel Information Disclosure Vulnerability.~~	Microsoft Excel Information Disclosure Vulnerability

04 Mar 2022, 21:31

Type	Values Removed	Values Added
CVSS	v2 : ~~2.1~~ v3 : ~~5.5~~	v2 : 4.3 v3 : 5.5
References	~~(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-383/ -~~	(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-383/ - Third Party Advisory, VDB Entry

18 Feb 2022, 12:15

Type	Values Removed	Values Added
References		(MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-383/ -

15 Feb 2022, 13:54

Type	Values Removed	Values Added
First Time		Microsoft Microsoft office Microsoft excel Microsoft sharepoint Server Microsoft office Online Server Microsoft office Web Apps Microsoft 365 Apps Microsoft office Long Term Servicing Channel
CPE		cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::macos:: cpe:2.3:a:microsoft:office_online_server:-:::::::* cpe:2.3:a:microsoft:excel:2013:sp1:::rt:::* cpe:2.3:a:microsoft:excel:2013:sp1:::::x64:* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::-:: cpe:2.3:a:microsoft:office:2019::::::x86: cpe:2.3:a:microsoft:office:2019::::::x64: cpe:2.3:a:microsoft:365_apps:-::::enterprise::x64:* cpe:2.3:a:microsoft:excel:2016::::::x86: cpe:2.3:a:microsoft:office:2019:::::macos:: cpe:2.3:a:microsoft:excel:2013:sp1:::::x86:* cpe:2.3:a:microsoft:office_web_apps:2013:sp1:::::: cpe:2.3:a:microsoft:365_apps:-::::enterprise::x86:* cpe:2.3:a:microsoft:sharepoint_server:2013:sp1:::enterprise:::* cpe:2.3:a:microsoft:excel:2016::::::x64: cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::::*
References	~~(MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22716 -~~	(MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22716 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : 2.1 v3 : 5.5
CWE		CWE-668

09 Feb 2022, 17:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-09 17:15

Updated : 2023-12-10 14:09

NVD link : CVE-2022-22716

Mitre link : CVE-2022-22716

CVE.ORG link : CVE-2022-22716

JSON object : View

Products Affected

microsoft

office_online_server
office
office_web_apps
365_apps
excel
sharepoint_server
office_long_term_servicing_channel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2022-22716

5.5^/10

4.3^/10

Attach tags to `CVE-2022-22716`