CVE-2018-6871

Опубликовано: 12 фев. 2018

Источник: redhat

CVSS3: 4.7

EPSS Средний

Описание

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 8	libreoffice	Not affected
Red Hat Enterprise Linux 6	libreoffice	Fixed	RHSA-2018:0517	13.03.2018
Red Hat Enterprise Linux 7	libreoffice	Fixed	RHSA-2018:0418	06.03.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1543120libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula

EPSS

Процентиль: 97%

0.4268

Средний

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2018-6871

CVSS3: 9.8

ubuntu

почти 8 лет назад

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

CVE-2018-6871

CVSS3: 9.8

nvd

почти 8 лет назад

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

CVE-2018-6871

CVSS3: 9.8

debian

почти 8 лет назад

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers ...

openSUSE-SU-2018:0446-1

suse-cvrf

почти 8 лет назад

Security update for libreoffice

SUSE-SU-2018:0443-1

suse-cvrf

почти 8 лет назад

Security update for libreoffice

EPSS

Процентиль: 97%

0.4268

Средний

4.7 Medium

CVSS3