CVE-2022-38745

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:50

Type Values Removed Values Added
Summary Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.

Information

Published : 2023-03-24 16:15

Updated : 2024-02-28 20:13


NVD link : CVE-2022-38745

Mitre link : CVE-2022-38745

CVE.ORG link : CVE-2022-38745


JSON object : View

Products Affected

apache

  • openoffice
CWE
CWE-1188

Insecure Default Initialization of Resource

CWE-427

Uncontrolled Search Path Element

CWE-94

Improper Control of Generation of Code ('Code Injection')