CVE-2022-33632 | ByteOS Network

Vulnerability Details :

CVE-2022-33632

Assigner-microsoft

Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8

Published At-12 Jul, 2022 | 22:37

Updated At-08 Jul, 2025 | 15:36

Microsoft Office Security Feature Bypass Vulnerability

Microsoft Office Security Feature Bypass Vulnerability

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:microsoft

Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8

Published At:12 Jul, 2022 | 22:37

Updated At:08 Jul, 2025 | 15:36

▼CVE Numbering Authority (CNA)

Microsoft Office Security Feature Bypass Vulnerability

Microsoft Office Security Feature Bypass Vulnerability

Affected Products

Vendor

Microsoft Corporation

Product

Microsoft Office LTSC 2021

Platforms

x64-based Systems
32-bit Systems

Versions

Affected

From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)

Vendor

Microsoft Corporation

Product

Microsoft Office 2019

Platforms

32-bit Systems
x64-based Systems

Versions

Affected

From 19.0.0 before https://aka.ms/OfficeSecurityReleases (custom)

Vendor

Microsoft Corporation

Product

Microsoft 365 Apps for Enterprise

Platforms

32-bit Systems
x64-based Systems

Versions

Affected

From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)

Vendor

Microsoft Corporation

Product

Microsoft Office 2016

Platforms

32-bit Systems
x64-based Systems

Versions

Affected

From 16.0.0 before 16.0.5344.1000 (custom)

Vendor

Microsoft Corporation

Product

Microsoft Office 2013 Service Pack 1

Platforms

ARM64-based Systems
32-bit Systems
x64-based Systems

Versions

Affected

From 15.0.0 before 15.0.5467.1000 (custom)

Problem Types

Type	CWE ID	Description
Impact	N/A	Security Feature Bypass

Type: Impact

CWE ID: N/A

Description: Security Feature Bypass

Metrics

Version	Base score	Base severity	Vector
3.1	4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

Version: 3.1

Base score: 4.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

References

Hyperlink	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33632	vendor-advisory

Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33632

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33632	vendor-advisory x_transferred

Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33632

Resource:

vendor-advisory

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:secure@microsoft.com

Published At:12 Jul, 2022 | 23:15

Updated At:08 Aug, 2023 | 14:22

Microsoft Office Security Feature Bypass Vulnerability

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary	2.0	4.6	MEDIUM	AV:N/AC:H/Au:S/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 4.7

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:S/C:P/I:P/A:P

CPE Matches

Microsoft Corporation

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*

Microsoft Corporation

cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*

Microsoft Corporation

>>office>>2013

cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*

Microsoft Corporation

>>office>>2013

cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*

Microsoft Corporation

>>office>>2013

cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*

Microsoft Corporation

>>office>>2016

cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*

Microsoft Corporation

>>office>>2016

cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*

Microsoft Corporation

>>office>>2019

cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*

Microsoft Corporation

>>office>>2019

cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*

Microsoft Corporation

>>office_long_term_servicing_channel>>2021

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*

Microsoft Corporation

>>office_long_term_servicing_channel>>2021

cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33632	secure@microsoft.com	N/A

Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33632

Source: secure@microsoft.com

Resource: N/A

Similar CVEs

3Records found

Matching Score-8

Assigner-Tenable Network Security, Inc.

Matching Score-8

Assigner-Tenable Network Security, Inc.

CVSS Score-7.3||HIGH

EPSS-0.15% / 36.19%

||

7 Day CHG~0.00%

Published-30 Dec, 2021 | 21:31

Updated-04 Aug, 2024 | 04:25

Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN executable with a malicious one. When a higher privileged user such as an Administrator launches that executable, it is possible for the lower privileged user to escalate to Administrator privileges.

Vendor-leap n/a Microsoft Corporation

Product-windows bitmask_riseup_vpn Bitmask Riseup VPN 0.21.6

CWE ID-CWE-732

Incorrect Permission Assignment for Critical Resource

Matching Score-8

Assigner-Microsoft Corporation

Matching Score-8

Assigner-Microsoft Corporation

CVSS Score-4.7||MEDIUM

EPSS-1.49% / 80.23%

||

7 Day CHG~0.00%

Published-11 Jun, 2024 | 17:00

Updated-16 Jul, 2025 | 00:42

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Vendor-Microsoft Corporation

Product-visual_studio_2019 visual_studio_2022 Microsoft Visual Studio 2022 version 17.6 Microsoft Visual Studio 2022 version 17.4 Microsoft Visual Studio 2022 version 17.10 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.8

CWE ID-CWE-693

Protection Mechanism Failure

Matching Score-8

Assigner-HP Inc.

Matching Score-8

Assigner-HP Inc.

CVSS Score-4.6||MEDIUM

EPSS-0.29% / 52.17%

||

7 Day CHG~0.00%

Published-23 Apr, 2010 | 14:00

Updated-11 Apr, 2025 | 00:51

Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.

Vendor-n/a HP Inc.Microsoft Corporation Linux Kernel Organization, Inc

Product-linux_kernel windows system_management_homepage n/a