5.5

CVE-2017-3157

EPSS 1.06%
Published 20.11.2017 20:29:00
Last modified 20.04.2025 01:37:25
Source security@apache.org
Teams watchlist Login
Open Login

By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Openoffice Version <= 4.1.3

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.06%	0.769

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/96402

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037893

Third Party Advisory

VDB Entry

Issue Tracking

https://access.redhat.com/errata/RHSA-2017:0914

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:0979

Third Party Advisory

https://www.debian.org/security/2017/dsa-3792

Third Party Advisory

Issue Tracking

https://www.openoffice.org/security/cves/CVE-2017-3157.html

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-3157

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3157

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3157

EUVD