Timestamp Manipulation with Signature Wrapping
CVE-2021-41831

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Openoffice
Vendor: CVE Published:; 11 October 2021

Summary

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.

Affected Version(s)

Apache OpenOffice Apache OpenOffice <= 4.1.10

Apache OpenOffice OpenOffice.org <= 3.4

References

https://lists.apache.org/thread.html/ra74d5057cdc781a3628...

x_refsource_MISC

https://lists.apache.org/thread.html/rc5c277cb83e33569665...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2021
Vulnerability Reserved
Sep 30, 2021

Credit

Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany