CVE-2022-38745

HIGH

Apache OpenOffice <4.1.14 - Code Injection

Title source: llm

Description

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

References (2)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0

[Vendor Advisory] https://www.openoffice.org/security/cves/CVE-2022-38745.html

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 28.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-1188 CWE-427 CWE-94

Status published

Affected Products (1)

apache/openoffice < 4.1.14

Timeline

Published Mar 24, 2023

Tracked Since Feb 18, 2026