Lucene search

K
cve[email protected]CVE-2022-38745
HistoryMar 24, 2023 - 4:15 p.m.

CVE-2022-38745

2023-03-2416:15:08
CWE-94
CWE-427
CWE-1188
web.nvd.nist.gov
53
apache openoffice
cve-2022-38745
java
code execution
security vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

Affected configurations

Vulners
NVD
Node
apacheopenofficeRange4.1.14

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache OpenOffice",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "4.1.14",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%