CVE-2021-41832

Published: Oct 11, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.

Affected (1)

Products: Apache: Openoffice

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Openoffice	Before 4.1.11

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

https://lists.apache.org/thread.html/rd3214a568b43dd335b5d558f521377f4bff750684dea18eb041fc1bb%40%3Cusers.openoffice.apache.org%3E

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread.html/rfbc93cd7cea40e2ad3b6e080f688dd02566cdd2b1984fcbb6f8b0fb6%40%3Cannounce.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rd3214a568b43dd335b5d558f521377f4bff750684dea18eb041fc1bb%40%3Cusers.openoffice.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://lists.apache.org/thread.html/rfbc93cd7cea40e2ad3b6e080f688dd02566cdd2b1984fcbb6f8b0fb6%40%3Cannounce.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.