CVE-2021-41830

Published: Oct 11, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

Affected (1)

Products: Apache: Openoffice

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Openoffice	Before 4.1.11

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

https://lists.apache.org/thread.html/r97d287c88881aa581f1b18cb01e2cbedc4e6eae85958491acb89b12e%40%3Cusers.openoffice.apache.org%3E

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread.html/raaab8a3b91f8d7b7ba14f873b8d0fd13952c823acc3385b7a374e754%40%3Cannounce.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r97d287c88881aa581f1b18cb01e2cbedc4e6eae85958491acb89b12e%40%3Cusers.openoffice.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://lists.apache.org/thread.html/raaab8a3b91f8d7b7ba14f873b8d0fd13952c823acc3385b7a374e754%40%3Cannounce.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.