NVD

Vulnerability Change Records for CVE-2021-31939

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Added	CVSS V2		NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Added	CWE		NIST NVD-CWE-noinfo
Added	CPE Configuration		OR cpe:2.3:a:microsoft:365_apps:-::::enterprise:::* cpe:2.3:a:microsoft:excel:2013:sp1::::::* cpe:2.3:a:microsoft:excel:2013:sp1:::rt::: cpe:2.3:a:microsoft:excel:2016::::::: cpe:2.3:a:microsoft:office:2013:sp1::::::* cpe:2.3:a:microsoft:office:2013:sp1:::rt::: cpe:2.3:a:microsoft:office:2016::::::: cpe:2.3:a:microsoft:office:2019::::::: cpe:2.3:a:microsoft:office_online_server:-::::::: cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1::::::*
Changed	Reference Type	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939 No Types Assigned	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31939 Patch, Vendor Advisory
Changed	Reference Type	https://www.zerodayinitiative.com/advisories/ZDI-21-670/ No Types Assigned	https://www.zerodayinitiative.com/advisories/ZDI-21-670/ Third Party Advisory
Added	CVSS V2 Metadata		Victim must voluntarily interact with attack mechanism