CVE-2022-38745
published 2023-03-24CVE-2022-38745: Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | openoffice | < 4.1.14 | 4.1.14 |
| apache_software_foundation | apache_openoffice | < 4.1.14 | 4.1.14 |
| debian | libreoffice | < libreoffice 1:7.3.1-1 (bookworm) | libreoffice 1:7.3.1-1 (bookworm) |
| libreoffice | libreoffice | >= 0 < 1:7.0.4-4+deb11u6 | 1:7.0.4-4+deb11u6 |
| libreoffice | libreoffice | >= 0 < 1:7.3.1-1 | 1:7.3.1-1 |
| libreoffice | libreoffice | >= 0 < 1:7.3.1-1 | 1:7.3.1-1 |
| libreoffice | libreoffice | >= 0 < 1:7.3.1-1 | 1:7.3.1-1 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH