CVE Catalog

Actively exploited in the wild

Microsoft Outlook Security Feature Bypass Vulnerability

Microsoft — Outlook · Listed in the CISA KEV since 2023-07-11. This indicates confirmed attacks in production environments.

Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

CVE-2023-35311

High · CVSS 8.8 · KEV

Exploitation Probability (EPSS)

Very high risk
15.03%

96th percentile — higher than 96% of all known CVEs

Summary

A vulnerability in Microsoft Outlook allows a security feature bypass, potentially leading to unauthorized access to user data.

Risk Assessment

Organizations may be exposed to data leaks and to other attacks that exploit this vulnerability to gain access to sensitive information.

Recommendation

Update Microsoft Outlook to the latest version to patch this vulnerability, and monitor systems for unauthorized access.

Original NVD description (English source)

Microsoft Outlook Security Feature Bypass Vulnerability

Vulnerability data from NVD (NIST) · CISA KEV · EPSS