CVE-2022-47502
Summary
| CVE | CVE-2022-47502 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-24 16:15:00 UTC |
| Updated | 2024-01-03 12:15:00 UTC |
| Description | Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. |
Risk And Classification
Problem Types: CWE-20 | CWE-88
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Openoffice | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.openwall.com/lists/oss-security/2023/12/28/3 | www.openwall.com | ||
| www.openwall.com/lists/oss-security/2024/01/03/3 | www.openwall.com | ||
| lists.apache.org/thread/xr6tl91jj2jgcq8pdbrc4d8w13s6xn80 | MISC | lists.apache.org | |
| CVE-2022-47502 | MISC | www.openoffice.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378492 Apache Open Office Multiple Vulnerabilities