Lucene search

K

Redhat.comRH:CVE-2022-3140

HistoryOct 14, 2022 - 5:29 a.m.

CVE-2022-3140

2022-10-1405:29:00

redhat.com

access.redhat.com

71

libreoffice

uri schemes

ms sharepoint

browser integration

arbitrary script execution

exploit trigger

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

0.002 Low

EPSS

Percentile

56.2%

A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme ‘vnd.libreoffice.command’ could be constructed to call internal macros with arbitrary arguments, which, when clicked, or activated by document events, could result in arbitrary script execution without warning. The attacker must trick the targeted individual into opening a malicious file to trigger the exploit.

References

bugzilla.redhat.com/show_bug.cgi?id=2134697

nvd.nist.gov/vuln/detail/CVE-2022-3140

www.cve.org/CVERecord?id=CVE-2022-3140

www.libreoffice.org/about-us/security/advisories/CVE-2022-3140

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

0.002 Low

EPSS

Percentile

56.2%

Related for RH:CVE-2022-3140

debiancve1 debian2 veracode1 fedora1 mageia1 nessus18 openvas6 cvelist1 alpinelinux1 cve1 ubuntucve1 gentoo1 kaspersky1 zdi1 osv7 prion1 nvd1 suse1 oraclelinux2 redhat2 almalinux2 rocky2 ubuntu1