The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1598 advisory.

    LibreOffice is an open source, community-developed office productivity suite. It includes key desktop     applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a     drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office     suite.

    Security Fix(es):

    * libreoffice: Insufficient URL validation allowing LibreLogo script execution (CVE-2019-9850)

    * libreoffice: LibreLogo global-event script execution (CVE-2019-9851)

    * libreoffice: Insufficient URL encoding flaw in allowed script location check (CVE-2019-9852)

    * libreoffice: Insufficient URL decoding flaw in categorizing macro location (CVE-2019-9853)

    * libreoffice: Unsafe URL assembly flaw in allowed script location check (CVE-2019-9854)

    * libreoffice: Remote resources protection module not applied to bullet graphics (CVE-2019-9849)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : libreoffice (RHSA-2020:1598)

critical Nessus Plugin ID 143042

Version 1.12

Version 1.11

Version 1.9

Version 1.8

Version 1.7

Version 1.12 Nov 7, 2024, 8:52 AM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411070852
Version 1.11 Nov 5, 2024, 12:50 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411051250
Version 1.9 May 25, 2023, 5:09 PM Logic Changes (Added support for ppc64le architecture) Plugin Feed: 202305251709
Version 1.8 Jan 23, 2023, 7:12 PM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301231912
Version 1.7 Jan 18, 2023, 4:10 PM CVSSv2 score source (changed from "CVE-2019-9852" to "CVE-2019-9851") CVSSv3 score source (set to "CVE-2019-9851") Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202301181610