Description
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
References (2)
Core 2
Core References
Vendor Advisory
https://www.openoffice.org/security/cves/CVE-2022-38745.html
Mailing List, Vendor Advisory vendor-advisory
https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0
Scores
CVSS v3
7.8
EPSS
0.0087
EPSS Percentile
54.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1188
CWE-427
CWE-94
Status
published
Products (1)
apache/openoffice
< 4.1.14
Published
Mar 24, 2023
Tracked Since
Feb 18, 2026