CVE-2023-36763 - Vulnerability Details - OpenCVE

Microsoft Outlook Information Disclosure Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Microsoft	365 Apps Office Office Long Term Servicing Channel Outlook

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:365_apps:-::::enterprise::x64:*
	cpe:2.3:a:microsoft:365_apps:-::::enterprise::x86:*
	cpe:2.3:a:microsoft:office:2019::::::x64:
	cpe:2.3:a:microsoft:office:2019::::::x86:
	cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021::::::x64:
	cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021::::::x86:
	cpe:2.3:a:microsoft:outlook:2016::::::x64:
	cpe:2.3:a:microsoft:outlook:2016::::::x86:

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 01 Jan 2025 02:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:microsoft:365_apps:-::::enterprise::: cpe:2.3:a:microsoft:office:2019:::::::* cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:::::::* cpe:2.3:a:microsoft:outlook:2016:::::x64:: cpe:2.3:a:microsoft:outlook:2016:::::x86::

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2023-09-12T16:58:44.987Z

Updated: 2025-02-27T20:53:38.270Z

Reserved: 2023-06-27T15:11:59.868Z

Link: CVE-2023-36763

Vulnrichment

Updated: 2024-08-02T17:01:07.890Z

NVD

Status : Modified

Published: 2023-09-12T17:15:12.450

Modified: 2024-11-21T08:10:32.950

Link: CVE-2023-36763

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36763", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-06-27T15:11:59.868Z", "datePublished": "2023-09-12T16:58:44.987Z", "dateUpdated": "2025-02-27T20:53:38.270Z"}, "containers": {"cna": {"title": "Microsoft Outlook Information Disclosure Vulnerability", "datePublic": "2023-09-12T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.0.0", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.5413.1000"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Office 2019", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "19.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2021", "platforms": ["x64-based Systems", "32-bit Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Outlook 2016", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0.0", "lessThan": "16.0.5413.1000", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Outlook Information Disclosure Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en-US", "type": "CWE", "cweId": "CWE-200"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-01T02:04:37.182Z"}, "references": [{"name": "Microsoft Outlook Information Disclosure Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:07.890Z"}, "title": "CVE Program Container", "references": [{"name": "Microsoft Outlook Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-26T21:50:19.242111Z", "id": "CVE-2023-36763", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T20:53:38.270Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36763", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-06-27T15:11:59.868Z", "datePublished": "2023-09-12T16:58:44.987Z", "dateUpdated": "2025-02-27T20:53:38.270Z"}, "containers": {"cna": {"title": "Microsoft Outlook Information Disclosure Vulnerability", "datePublic": "2023-09-12T07:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office:*:*:*:*:*:*:*:*", "versionStartIncluding": "19.0.0", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.1", "versionEndExcluding": "https://aka.ms/OfficeSecurityReleases"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:x86:*:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.5413.1000"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Office 2019", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "19.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Office LTSC 2021", "platforms": ["x64-based Systems", "32-bit Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Outlook 2016", "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0.0", "lessThan": "16.0.5413.1000", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Outlook Information Disclosure Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en-US", "type": "CWE", "cweId": "CWE-200"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-01T02:04:37.182Z"}, "references": [{"name": "Microsoft Outlook Information Disclosure Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:01:07.890Z"}, "title": "CVE Program Container", "references": [{"name": "Microsoft Outlook Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36763", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-26T21:50:19.242111Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-26T20:37:07.103Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*", "matchCriteriaId": "CF5DDD09-902E-4881-98D0-CB896333B4AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*", "matchCriteriaId": "26A3B226-5D7C-4556-9350-5222DC8EFC2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*", "matchCriteriaId": "75F7306B-D1DA-48C2-AF87-4480E161D794", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*", "matchCriteriaId": "BA9BCD55-F71E-4920-B906-A1386843776A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:x64:*", "matchCriteriaId": "0E6FF8E4-A3AF-4EC2-AAFD-D4FB80A3851A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:x86:*", "matchCriteriaId": "1E7C0D0D-7FE2-4FA4-AE4B-1B5D197BE982", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Outlook Information Disclosure Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n de Microsoft Outlook"}], "id": "CVE-2023-36763", "lastModified": "2024-11-21T08:10:32.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2023-09-12T17:15:12.450", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36763"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "secure@microsoft.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}