Lucene search

K
kasperskyKaspersky LabKLA12465
HistoryFeb 22, 2022 - 12:00 a.m.

KLA12465 Security vulnerability in LibreOffice

2022-02-2200:00:00
Kaspersky Lab
threats.kaspersky.com
16

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

38.9%

Security vulnerability was found in LibreOffice. Malicious users can exploit this vulnerability to bypass security restrictions.

Original advisories

Incorrect trust validation of signature with ambiguous KeyInfo children

Related products

LibreOffice

CVE list

CVE-2021-25636 critical

Solution

Update to the latest version

Download LibreOffice

Impacts

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • LibreOffice earlier than 7.2.5LibreOffice 7.3.x earlier than 7.3.0

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

38.9%