CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.109 Low (Percentile: 94.5%)

OpenOffice.org is an office productivity suite.
HSQLDB is a Java relational database engine used by OpenOffice.org Base.

It was discovered that HSQLDB could allow the execution of arbitrary public
static Java methods. A carefully crafted odb file opened in OpenOffice.org
Base could execute arbitrary commands with the permissions of the user
running OpenOffice.org. (CVE-2007-4575)

It was discovered that HSQLDB did not have a password set on the ‘sa’ user.
If HSQLDB has been configured as a service, a remote attacker who could
connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands.
(CVE-2003-0845)

Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service
by default, and needs manual configuration in order to work as a service.

Users of OpenOffice.org or HSQLDB should update to these errata packages
which contain backported patches to correct these issues.