CVE-2020-13958

3 documents3 sources
Severity
7.8HIGH
EPSS
1.0%
top 22.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Openoffice
Timeline
PublishedNov 17
Latest updateMay 24

Description

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDapache/openoffice4.0.04.1.8
CVEListV5apache_openofficeApache OpenOffice 4.0 to 4.1.7

🔴Vulnerability Details

2
GHSA
GHSA-qfv9-rhfv-64hr: A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the2022-05-24
CVEList
CVE-2020-13958: A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the2020-11-17
CVE-2020-13958 (HIGH CVSS 7.8) | A vulnerability in Apache OpenOffic | cvebase.io