CVE-2022-38745

HIGH

Apache OpenOffice <4.1.14 - Code Injection

Title source: llm

Description

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

References (2)

[Vendor Advisory] https://www.openoffice.org/security/cves/CVE-2022-38745.html

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 31.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1188 CWE-427 CWE-94

Status published

Products (1)

apache/openoffice < 4.1.14

Published Mar 24, 2023

Tracked Since Feb 18, 2026