Vulnerability Description
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Openoffice | < 4.1.14 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0Mailing ListVendor Advisory
- https://www.openoffice.org/security/cves/CVE-2022-38745.htmlVendor Advisory
- https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0Mailing ListVendor Advisory
- https://www.openoffice.org/security/cves/CVE-2022-38745.htmlVendor Advisory
FAQ
What is CVE-2022-38745?
CVE-2022-38745 is a vulnerability with a CVSS score of 7.8 (HIGH). Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
How severe is CVE-2022-38745?
CVE-2022-38745 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-38745?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Openoffice.