Veracode Vulnerability DatabaseVERACODE:11865

HistoryJan 15, 2019 - 9:09 a.m.

Information Disclosure

2019-01-1509:09:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

libreoffice is vulnerable to information disclosure. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim.

CPENameOperatorVersion
libreofficeeq3.4.5.2__16.el6
libreofficeeq3.4.5.2__16.1.el6_3
libreofficeeq4.0.4.2__9.el6
libreofficeeq4.0.4.2__14.el6

Name	Operator	Version
libreoffice	eq	3.4.5.2__16.el6
libreoffice	eq	3.4.5.2__16.1.el6_3
libreoffice	eq	4.0.4.2__9.el6
libreoffice	eq	4.0.4.2__14.el6

References

rhn.redhat.com/errata/RHSA-2015-2619.html

www.debian.org/security/2015/dsa-3394

www.libreoffice.org/about-us/security/advisories/cve-2015-4551/

www.openoffice.org/security/cves/CVE-2015-4551.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/77486

www.securitytracker.com/id/1034085

www.securitytracker.com/id/1034091

www.ubuntu.com/usn/USN-2793-1

access.redhat.com/security/updates/classification/#moderate

rhn.redhat.com/errata/RHSA-2015-2619.html

security.gentoo.org/glsa/201603-05

security.gentoo.org/glsa/201611-03

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:11865