Home > Vulnerability Database > CVE-2022-37400

Mend.io Vulnerability Database

CVE-2022-37400

Good to know:

Date: August 13, 2022

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice

Language: C++

Severity Score

8.8

Related Resources (4)

Url: https://www.openoffice.org/security/cves/CVE-2022-37400.html

Url: http://www.openwall.com/lists/oss-security/2022/08/13/1

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-37400

Url: https://www.mend.io/vulnerability-database/CVE-2022-37400

Severity Score

8.8

Weakness Type (CWE)

Inadequate Encryption Strength

CWE-326

Use of Insufficiently Random Values

CWE-330

Top Fix

Upgrade Version

Upgrade to version AOO4113-GA

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-37400

Good to know:

Date: August 13, 2022

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?