CVE-2015-4551

2015-11-1017:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-4551

libreoffice

apache openoffice

opendocument format

vulnerability

information security

remote attack

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.6%

JSON

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.

CPENameOperatorVersion
libreoffice:libreofficelibreofficele4.4.4
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
apache:openofficeapache openofficele4.1.1

CPE	Name	Operator	Version
libreoffice:libreoffice	libreoffice	le	4.4.4
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
apache:openoffice	apache openoffice	le	4.1.1