{
  "document" : {
    "aggregate_severity" : {
      "text" : "hoch"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Die Microsoft Office Suite beinhaltet zahlreiche Büroanwendungen wie Textverarbeitung, Tabellenkalkulation, Datenbank und weitere Applikationen.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Microsoft Office 365 (Moodle Plugin) ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Benutzer zu imitieren und sich so erweiterte Berechtigungen, einschließlich Administratorzugriff, zu verschaffen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Android\n- iPhoneOS\n- Linux\n- UNIX\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2026-2400 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2400.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2026-2400 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2400"
    }, {
      "category" : "external",
      "summary" : "GitHub Security Advisory GHSA-hqjh-93qv-47v5 vom 2026-07-16",
      "url" : "https://github.com/microsoft/o365-moodle/security/advisories/GHSA-hqjh-93qv-47v5"
    } ],
    "source_lang" : "en-US",
    "title" : "Microsoft Office 365 (Moodle Plugin): Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen",
    "tracking" : {
      "current_release_date" : "2026-07-16T22:00:00.000+00:00",
      "generator" : {
        "date" : "2026-07-17T10:50:04.600+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.6.0"
        }
      },
      "id" : "WID-SEC-W-2026-2400",
      "initial_release_date" : "2026-07-16T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2026-07-16T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      } ],
      "status" : "final",
      "version" : "1"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_version_range",
          "name" : "Moodle Plugin <4.5.6",
          "product" : {
            "name" : "Microsoft Office 365 Moodle Plugin <4.5.6",
            "product_id" : "T056750"
          }
        }, {
          "category" : "product_version",
          "name" : "Moodle Plugin 4.5.6",
          "product" : {
            "name" : "Microsoft Office 365 Moodle Plugin 4.5.6",
            "product_id" : "T056750-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:microsoft:office_365:moodle_plugin__4.5.6"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "Moodle Plugin <5.0.5",
          "product" : {
            "name" : "Microsoft Office 365 Moodle Plugin <5.0.5",
            "product_id" : "T056751"
          }
        }, {
          "category" : "product_version",
          "name" : "Moodle Plugin 5.0.5",
          "product" : {
            "name" : "Microsoft Office 365 Moodle Plugin 5.0.5",
            "product_id" : "T056751-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:microsoft:office_365:moodle_plugin__5.0.5"
            }
          }
        }, {
          "category" : "product_version_range",
          "name" : "Moodle Plugin <5.1.1",
          "product" : {
            "name" : "Microsoft Office 365 Moodle Plugin <5.1.1",
            "product_id" : "T056752"
          }
        }, {
          "category" : "product_version",
          "name" : "Moodle Plugin 5.1.1",
          "product" : {
            "name" : "Microsoft Office 365 Moodle Plugin 5.1.1",
            "product_id" : "T056752-fixed",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:microsoft:office_365:moodle_plugin__5.1.1"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Office 365"
      } ],
      "category" : "vendor",
      "name" : "Microsoft"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2026-54733",
    "product_status" : {
      "known_affected" : [ "T056750", "T056751", "T056752" ]
    },
    "release_date" : "2026-07-16T22:00:00.000+00:00",
    "title" : "CVE-2026-54733"
  } ]
}