← back
CVE-2022-38745

Apache OpenOffice: Empty entry in Java class path

CVSS 7.8 HIGHEPSS 0.9%CWE-1188CWE-427CWE-94
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apache Software Foundation · Apache OpenOffice

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.apache.org/thread/q3noq7m681kvtb29m28x74q8cnwnzzo0https://www.openoffice.org/security/cves/CVE-2022-38745.html