CVE-2021-41831

MEDIUM

Apache Openoffice < 4.1.11 - Signature Verification Bypass

Title source: rule

Description

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.

References (2)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757%40%3Cannounce.apache.org%3E

Scores

CVSS v3 5.3

EPSS 0.0258

EPSS Percentile 85.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-347

Status published

Affected Products (1)

apache/openoffice < 4.1.11

Timeline

Published Oct 11, 2021

Tracked Since Feb 18, 2026