How severe is CVE-2020-16855?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Is CVE-2020-16855 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Office 2016 For Mac

CVE-2020-16855

<p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerabil…

EPSS: 0.199 (95.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C.

Affected products

Microsoft Office 2016 For Mac — versions 16.0.0
Microsoft Office 2019 For Mac — versions 16.0.0

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16855 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-16855?: CVE-2020-16855 is a medium-severity vulnerability in Microsoft Office 2016 For Mac. CVSS score: 5.5/10. Published 2020-09-11.
How severe is CVE-2020-16855?: Medium severity. CVSS v3 base score is 5.5 out of 10.
Is CVE-2020-16855 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.