Double Certificate Attack
CVE-2021-41830

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Openoffice
Vendor: CVE Published:; 11 October 2021

Summary

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.

Affected Version(s)

Apache OpenOffice Apache OpenOffice <= 4.1.10

Apache OpenOffice OpenOffice.org <= 3.4

References

https://lists.apache.org/thread.html/r97d287c88881aa581f1...

x_refsource_MISC

https://lists.apache.org/thread.html/raaab8a3b91f8d7b7ba1...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2021
Vulnerability Reserved
Sep 30, 2021

Credit

Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany