CVE-2022-38745 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Affected Products (NVD)

Vendor	Product	Version
apache	openoffice	𝑥 < 4.1.14

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libreoffice

bookworm	4:7.4.7-1+deb12u4 fixed
bookworm (security)	4:7.4.7-1+deb12u5 fixed
bullseye	1:7.0.4-4+deb11u10 fixed
bullseye (security)	1:7.0.4-4+deb11u11 fixed
sid	4:24.8.2-2 fixed
trixie	4:24.8.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

libreoffice

bionic	Fixed 1:6.0.7-0ubuntu0.18.04.13 released
focal	Fixed 1:6.4.7-0ubuntu0.20.04.7 released
jammy	not-affected
kinetic	not-affected
lunar	not-affected
trusty	ignored
xenial	ignored

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0

https://www.openoffice.org/security/cves/CVE-2022-38745.html

https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0

https://www.openoffice.org/security/cves/CVE-2022-38745.html