CVE-2022-47502
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-20
Validación incorrecta de entrada
Fecha de publicación:
24/03/2023
Última modificación:
13/02/2025
Descripción
*** Pendiente de traducción *** Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose.<br />
<br />
<br />
Links can be activated by clicks, or by automatic document events.<br />
<br />
The execution of such links must be subject to user approval.<br />
<br />
In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.
Impacto
Puntuación base 3.x
7.80
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:* | 4.1.13 (incluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://www.openwall.com/lists/oss-security/2023/12/28/3
- http://www.openwall.com/lists/oss-security/2024/01/03/3
- https://lists.apache.org/thread/xr6tl91jj2jgcq8pdbrc4d8w13s6xn80
- https://www.openoffice.org/security/cves/CVE-2022-47502.html
- http://www.openwall.com/lists/oss-security/2023/12/28/3
- http://www.openwall.com/lists/oss-security/2024/01/03/3
- https://lists.apache.org/thread/xr6tl91jj2jgcq8pdbrc4d8w13s6xn80
- https://www.openoffice.org/security/cves/CVE-2022-47502.html