CVE-2021-43447
First published: Mon Jan 23 2023(Updated: )
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Onlyoffice Server | <=7.0.0.49 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-43447.
What is the title of this vulnerability?
The title of this vulnerability is 'ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control.'
What is the severity of CVE-2021-43447?
The severity of CVE-2021-43447 is high with a CVSS score of 7.5.
What is the affected software by CVE-2021-43447?
The affected software by CVE-2021-43447 is Onlyoffice Server version up to and including 7.0.0.49.
How can an attacker exploit CVE-2021-43447?
An attacker can exploit CVE-2021-43447 by bypassing authentication in the document editor to edit documents without authentication.
- collector/nvd-index
- agent/description
- agent/last-modified-date
- agent/tags
- agent/type
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/onlyoffice
- canonical/onlyoffice server
- version/onlyoffice server/7.0.0.49