Description

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

Related CPE's

a

apache

openoffice

Vulnerable

References

https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0

Mailing ListVendor Advisory

https://www.openoffice.org/security/cves/CVE-2022-38745.html

Vendor Advisory

https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0

Mailing ListVendor Advisory

https://www.openoffice.org/security/cves/CVE-2022-38745.html

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-94CWE-427CWE-1188

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-24T16:15:08.130

2 years ago

Last modified

2025-02-13T15:15:11.950

5 months ago