Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libreoffice: Incorrect trust validation of signature with ambiguous KeyInfo children (CVE-2021-25636)

  - libreoffice: Empty entry in Java class path (CVE-2022-38745)

  - LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual     aids that no alteration of the document occurred since the last signing and that the signature is valid.
    An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally     signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the     document to combine multiple certificate data, which when opened caused LibreOffice to display a validly     signed indicator but whose content was unrelated to the signature shown. This issue affects: The Document     Foundation LibreOffice 7-0 versions prior to 7.0.6; 7-1 versions prior to 7.1.2. (CVE-2021-25633)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6933 advisory.

    - Resolves: rhbz#2210191 CVE-2023-0950 Array Index UnderFlow in Calc Formula       Parsing
    - Resolves: rhbz#2210195 CVE-2023-2255 libreoffice: Remote documents loaded       without prompt via IFrame
    - Resolves: rhbz#2208509 CVE-2023-1183 libreoffice: Arbitrary File Write

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6508 advisory.

    - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula       Parsing
    - Resolves: rhbz#2210197 CVE-2023-2255 libreoffice: Remote documents loaded       without prompt via IFrame
    - Resolves: rhbz#2208510 CVE-2023-1183 libreoffice: Arbitrary File Write

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6933 advisory.

    LibreOffice is an open source, community-developed office productivity suite. It includes key desktop     applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a     drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office     suite.

    Security Fix(es):

    * libreoffice: Empty entry in Java class path (CVE-2022-38745)

    * libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

    * libreoffice: Arbitrary file write (CVE-2023-1183)

    * libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:6933 advisory.

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6508 advisory.

    LibreOffice is an open source, community-developed office productivity suite. It includes key desktop     applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a     drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office     suite.

    Security Fix(es):

    * libreoffice: Empty entry in Java class path (CVE-2022-38745)

    * libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

    * libreoffice: Arbitrary file write (CVE-2023-1183)

    * libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3526 advisory.

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6023-1 advisory.

    It was discovered that LibreOffice may be configured to add an empty entry to the Java class path. This     may lead to run arbitrary Java code from the current directory.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.14. It is, therefore, affected by multiple vulnerabilities:

  - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.     This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI     Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The     execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for     certain links is not requested; when activated, such links could therefore result in arbitrary script execution.     (CVE-2022-47052)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.14. It is, therefore, affected by multiple vulnerabilities:

  - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.     This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI     Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The     execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for     certain links is not requested; when activated, such links could therefore result in arbitrary script execution.     (CVE-2022-47052)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version

ID	Name	Product	Family	Severity
199357	RHEL 9 : libreoffice (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
199289	RHEL 8 : libreoffice (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
196590	RHEL 6 : libreoffice (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	critical
196523	RHEL 7 : libreoffice (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	critical
186134	Oracle Linux 8 : libreoffice (ELSA-2023-6933)	Nessus	Oracle Linux Local Security Checks	high
185872	Oracle Linux 9 : libreoffice (ELSA-2023-6508)	Nessus	Oracle Linux Local Security Checks	high
185684	RHEL 8 : libreoffice (RHSA-2023:6933)	Nessus	Red Hat Local Security Checks	high
185632	CentOS 8 : libreoffice (CESA-2023:6933)	Nessus	CentOS Local Security Checks	high
185155	RHEL 9 : libreoffice (RHSA-2023:6508)	Nessus	Red Hat Local Security Checks	high
179739	Debian DLA-3526-1 : libreoffice - LTS security update	Nessus	Debian Local Security Checks	critical
174410	Ubuntu 18.04 LTS / 20.04 LTS : LibreOffice vulnerability (USN-6023-1)	Nessus	Ubuntu Local Security Checks	high
173740	Apache OpenOffice < 4.1.14 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
173707	Apache OpenOffice < 4.1.14 Multiple Vulnerabilities	Nessus	Windows	high

Detections

Analytics

CVE-2022-38745

high

Tenable Plugins

high

high

critical

critical

high

high

high

high

high

critical

high

high

high