{"api_version":"1","generated_at":"2026-04-22T21:40:03+00:00","cve":"CVE-2021-41831","urls":{"html":"https://cve.report/CVE-2021-41831","api":"https://cve.report/api/cve/CVE-2021-41831.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-41831","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-41831"},"summary":{"title":"CVE-2021-41831","description":"It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.","state":"PUBLIC","assigner":"security@apache.org","published_at":"2021-10-11 08:15:00","updated_at":"2023-11-07 03:39:00"},"problem_types":["CWE-347"],"metrics":[],"references":[{"url":"https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757@%3Cannounce.apache.org%3E","name":"[announce] 20211010 CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E","name":"N/A","refsource":"CONFIRM","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757%40%3Cannounce.apache.org%3E","name":"[announce] 20211010 CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping","refsource":"","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-41831","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41831","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"41831","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"openoffice","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-41831","qid":"375951","title":"Apache OpenOffice Multiple Vulnerabilities"},{"cve":"CVE-2021-41831","qid":"379284","title":"Apache OpenOffice Multiple Security Vulnerabilities"},{"cve":"CVE-2021-41831","qid":"690222","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for apache openoffice (04d2cf7f-2942-11ec-b48c-1c1b0d9ea7e6)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2021-41831","STATE":"PUBLIC","TITLE":"Timestamp Manipulation with Signature Wrapping"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache OpenOffice","version":{"version_data":[{"version_affected":"<=","version_name":"Apache OpenOffice","version_value":"4.1.10"},{"version_affected":"<=","version_name":"OpenOffice.org","version_value":"3.4"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"credit":[{"lang":"eng","value":"Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":[{"other":"moderate"}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-347 Improper Verification of Cryptographic Signature"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E","name":"https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E"},{"refsource":"MLIST","name":"[announce] 20211010 CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping","url":"https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757@%3Cannounce.apache.org%3E"}]},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2021-10-11 08:15:00","lastModifiedDate":"2023-11-07 03:39:00","problem_types":["CWE-347"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.11","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"41831","Ordinal":"217650","Title":"CVE-2021-41831","CVE":"CVE-2021-41831","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"41831","Ordinal":"1","NoteData":"It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"41831","Ordinal":"2","NoteData":"2021-10-11","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"41831","Ordinal":"3","NoteData":"2021-10-11","Type":"Other","Title":"Modified"}]}}}