Home > Vulnerability Database > CVE-2022-47502

Mend.io Vulnerability Database

CVE-2022-47502

Good to know:

Date: March 24, 2023

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.

Language: C++

Severity Score

7.8

Related Resources (6)

Url: https://www.openoffice.org/security/cves/CVE-2022-47502.html

Url: http://www.openwall.com/lists/oss-security/2024/01/03/3

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-47502

Url: http://www.openwall.com/lists/oss-security/2023/12/28/3

Url: https://lists.apache.org/thread/xr6tl91jj2jgcq8pdbrc4d8w13s6xn80

Url: https://www.mend.io/vulnerability-database/CVE-2022-47502

Severity Score

7.8

Weakness Type (CWE)

Argument Injection or Modification

CWE-88

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version AOO4114-GA

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-47502

Good to know:

Date: March 24, 2023

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?