CVE-2024-47222

CRITICAL

New Cloud MyOffice SDK Collaborative Editing Server <2.9 - SSRF

Title source: llm

Description

New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.

References (2)

Core 2

Core References

Product

https://myoffice.ru/

Product

https://support.myoffice.ru/products/myoffice-sdk/

Scores

CVSS v3 9.8

EPSS 0.0052

EPSS Percentile 40.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

myoffice/my_office_sdk 2.2.2 - 2.8.0

Published Sep 23, 2024

Tracked Since Feb 18, 2026