CVE-2021-41830

HIGH

Apache Openoffice < 4.1.11 - Signature Verification Bypass

Title source: rule

Description

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

References (2)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread.html/r97d287c88881aa581f1b18cb01e2cbedc4e6eae85958491acb89b12e%40%3Cusers.openoffice.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/raaab8a3b91f8d7b7ba14f873b8d0fd13952c823acc3385b7a374e754%40%3Cannounce.apache.org%3E

Scores

CVSS v3 7.5

EPSS 0.0144

EPSS Percentile 80.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-347

Status published

Affected Products (1)

apache/openoffice < 4.1.11

Timeline

Published Oct 11, 2021

Tracked Since Feb 18, 2026