Lucene search

[email protected]NVD:CVE-2022-47502

HistoryMar 24, 2023 - 4:15 p.m.

CVE-2022-47502

2023-03-2416:15:08

CWE-20

CWE-88

[email protected]

web.nvd.nist.gov

cve-2022-47502

arbitrary arguments

uri schemes

user approval

script execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.7%

JSON

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose.

Links can be activated by clicks, or by automatic document events.

The execution of such links must be subject to user approval.

In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.

Affected configurations

NVD

Node

apacheopenofficeRange≤4.1.13

References

www.openwall.com/lists/oss-security/2023/12/28/3

www.openwall.com/lists/oss-security/2024/01/03/3

lists.apache.org/thread/xr6tl91jj2jgcq8pdbrc4d8w13s6xn80

www.openoffice.org/security/cves/CVE-2022-47502.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for NVD:CVE-2022-47502

cve2 prion2 cnvd1 cvelist2 nvd1 kaspersky1 nessus3