FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2023-47804

Improper Input Validation (CWE-20)

Published: Dec 29, 2023 / Updated: 10mo ago

010
CVSS 8.8EPSS 0.04%High
CVE info copied to clipboard

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-47804. See article

Dec 28, 2023 at 10:09 PM / Security feed from CyberSecurity Help
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Dec 28, 2023 at 10:10 PM
CVE Assignment

NVD published the first details for CVE-2023-47804

Dec 29, 2023 at 7:15 AM
Threat Intelligence Report

The vulnerability CVE-2023-47804 in Apache OpenOffice is critical with a CVSS score of [score]. It is being actively exploited in the wild by [who]. There are no proof-of-concept exploits available, but mitigations, detections, and patches are available. There may be downstream impacts to other third-party vendors or technology. See article

Jan 1, 2024 at 1:05 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 5.7%)

Jan 3, 2024 at 3:17 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (187659)

Jan 5, 2024 at 12:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379284)

Jan 19, 2024 at 12:00 AM
Static CVE Timeline Graph

Affected Systems

Apache/openoffice
+null more

Patches

lists.apache.org
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

News

1.646
FortiGuard Labs | End Point Vulnerability Updates ( Windows ) / 8mo
Modified (232) Apache OpenOffice CVE-2021-33035 Buffer Overflow Vulnerability Apache OpenOffice CVE-2021-28129 Access Control Bypass Vulnerability Apache OpenOffice CVE-2021-40439 XML External Entity Vulnerability Apache OpenOffice CVE-2021-30245 Arbitrary Code Execution Vulnerability Security Vulnerabilities fixed in OpenOffice 4.1.11 Security Vulnerabilities fixed in Apache OpenOffice 4.1.13 Apache OpenOffice CVE-2022-38745 Arbitrary Code Execution Vulnerability Apache OpenOffice CVE-2022-47502 Arbitrary Code Execution Vulnerability Oracle MySQL CVE-2017-3331 Vulnerability Oracle Java JRE CVE-2017-10104 Privilege Escalation Vulnerability Oracle Java JDK CVE-2017-10104 Privilege Escalation Vulnerability Oracle Java JRE CVE-2017-10117 Vulnerability Oracle Java JDK CVE-2017-10117 Vulnerability Oracle Java JRE CVE-2017-10121 Vulnerability Oracle Java JDK CVE-2017-10121 Vulnerability Oracle Java JRE CVE-2017-10145 Vulnerability Oracle Java JDK CVE-2017-10145 Vulnerability Oracle Java JRE CVE-2017-10341 Vulnerability Oracle Java JDK CVE-2017-10341 Vulnerability Oracle Java JRE CVE-2017-10342 Vulnerability Oracle Java JDK CVE-2017-10342 Vulnerability Oracle Java JRE CVE-2017-10380 Vulnerability Oracle Java JDK CVE-2017-10380 Vulnerability Oracle Java JRE CVE-2017-10386 Vulnerability Oracle Java JDK CVE-2017-10386 Vulnerability Oracle MySQL CVE-2017-3737 Out of Bounds Read Vulnerability Oracle MySQL CVE-2018-2562 Vulnerability Oracle MySQL CVE-2018-2573 Vulnerability Oracle MySQL CVE-2018-2583 Vulnerability Oracle MySQL CVE-2018-2590 Vulnerability Oracle MySQL CVE-2018-2591 Vulnerability Oracle MySQL CVE-2018-2612 Vulnerability Oracle MySQL CVE-2018-2622 Vulnerability Oracle MySQL CVE-2018-2640 Vulnerability Oracle MySQL CVE-2018-2645 Vulnerability Oracle MySQL CVE-2018-2647 Vulnerability Oracle MySQL CVE-2018-2665 Vulnerability Oracle MySQL CVE-2018-2668 Vulnerability Oracle Java JRE CVE-2018-2675 Vulnerability Oracle Java JDK CVE-2018-2675 Vulnerability Oracle MySQL CVE-2018-2696 Vulnerability Oracle MySQL CVE-2018-2703 Vulnerability Oracle MySQL CVE-2018-2771 Vulnerability Oracle MySQL CVE-2018-2773 Vulnerability Oracle MySQL CVE-2018-2813 Vulnerability Oracle Java JRE CVE-2018-2825 Vulnerability Oracle Java JDK CVE-2018-2825 Vulnerability Oracle Java JRE CVE-2018-2826 Vulnerability Oracle Java JDK CVE-2018-2826 Vulnerability Oracle Java JRE CVE-2018-2972 Vulnerability Oracle Java JDK CVE-2018-2972 Vulnerability Oracle MySQL CVE-2018-0739 Denial of Service Vulnerability Oracle MySQL CVE-2018-3054 Vulnerability Oracle MySQL CVE-2018-3056 Vulnerability Oracle MySQL CVE-2018-3058 Vulnerability Oracle MySQL CVE-2018-3060 Vulnerability Oracle MySQL CVE-2018-3062 Vulnerability Oracle MySQL CVE-2018-3064 Vulnerability Oracle MySQL CVE-2018-3065 Vulnerability Oracle MySQL CVE-2018-3066 Vulnerability Oracle MySQL CVE-2018-3070 Vulnerability Oracle MySQL CVE-2018-3077 Vulnerability Oracle MySQL CVE-2018-3081 Vulnerability Oracle MySQL CVE-2018-3143 Vulnerability Oracle MySQL CVE-2018-3144 Vulnerability Oracle Java JRE CVE-2018-3150 Vulnerability Oracle Java JDK CVE-2018-3150 Vulnerability Oracle MySQL CVE-2018-3155 Vulnerability Oracle MySQL CVE-2018-3156 Vulnerability Oracle Java JRE CVE-2018-3157 Vulnerability Oracle Java JDK CVE-2018-3157 Vulnerability Oracle MySQL CVE-2018-3161 Vulnerability Oracle MySQL CVE-2018-3162 Vulnerability Oracle MySQL CVE-2018-3174 Vulnerability Oracle MySQL CVE-2018-3185 Vulnerability Oracle MySQL CVE-2018-3187 Vulnerability Oracle Java JRE CVE-2018-3209 Vulnerability Oracle Java JDK CVE-2018-3209 Vulnerability Oracle MySQL CVE-2018-3247 Vulnerability Oracle MySQL CVE-2018-3276 Vulnerability Oracle MySQL CVE-2018-3278 Vulnerability Oracle MySQL CVE-2018-3282 Vulnerability Apache OpenOffice CVE-2023-47804 Arbitrary Code Execution Vulnerability Oracle MySQL CVE-2019-2420 Vulnerability Oracle MySQL CVE-2019-2434 Vulnerability Oracle Java JRE CVE-2019-2449 Vulnerability Oracle Java JDK CVE-2019-2449 Vulnerability Oracle MySQL CVE-2019-2455 Vulnerability Oracle MySQL CVE-2019-2481 Vulnerability Oracle MySQL CVE-2019-2486 Vulnerability Oracle MySQL CVE-2019-2507 Vulnerability Oracle MySQL CVE-2019-2528 Vulnerability Oracle MySQL CVE-2019-2529 Vulnerability Oracle MySQL CVE-2019-2531 Vulnerability Oracle MySQL CVE-2019-2532 Vulnerability Oracle MySQL CVE-2019-2537 Vulnerability Oracle MySQL CVE-2019-2566 Vulnerability Oracle MySQL CVE-2019-2632 Vulnerability Oracle Java JRE CVE-2019-2699 Vulnerability Oracle Java JDK CVE-2019-2699 Vulnerability Oracle Java JRE CVE-2019-2842 Vulnerability Oracle Java JDK CVE-2019-2842 Vulnerability Microsoft CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability Oracle Java JRE CVE-2019-11068 Vulnerability Oracle Java JDK CVE-2019-11068 Vulnerability Oracle MySQL CVE-2019-2910 Vulnerability Oracle MySQL CVE-2019-2911 Vulnerability Oracle MySQL CVE-2019-2922 Vulnerability Oracle MySQL CVE-2019-2923 Vulnerability Oracle MySQL CVE-2019-2924 Vulnerability Oracle MySQL CVE-2019-2938 Vulnerability Oracle MySQL CVE-2019-2969 Vulnerability Oracle MySQL CVE-2019-2974 Vulnerability Oracle Java JRE CVE-2019-2996 Vulnerability Oracle Java JDK CVE-2019-2996 Vulnerability Oracle Java JRE CVE-2019-13117 Use of Uninitialized Resource Vulnerability Oracle Java JDK CVE-2019-13117 Use of Uninitialized Resource Vulnerability Oracle Java JRE CVE-2019-13118 Type Confusion Vulnerability Oracle Java JDK CVE-2019-13118 Type Confusion Vulnerability Oracle Java JRE CVE-2019-16168 Denial of Service Vulnerability Oracle Java JDK CVE-2019-16168 Denial of Service Vulnerability Oracle Java JRE CVE-2020-2585 Vulnerability Oracle Java JDK CVE-2020-2585 Vulnerability Oracle Java JRE CVE-2019-18197 Use After Free Vulnerability Oracle Java JDK CVE-2019-18197 Use After Free Vulnerability Oracle MySQL CVE-2020-2765 Vulnerability Oracle MySQL CVE-2020-2898 Vulnerability Oracle Java JRE CVE-2020-14664 Vulnerability Oracle Java JDK CVE-2020-14664 Vulnerability Oracle VirtualBox CVE-2018-0732 Weak Encryption Vulnerability Oracle VirtualBox CVE-2018-2909 Vulnerability Oracle VirtualBox CVE-2018-3287 Vulnerability Oracle VirtualBox CVE-2018-3288 Vulnerability Oracle VirtualBox CVE-2018-3289 Vulnerability Oracle VirtualBox CVE-2018-3290 Vulnerability Oracle VirtualBox CVE-2018-3291 Vulnerability Oracle VirtualBox CVE-2018-3292 Vulnerability Oracle VirtualBox CVE-2018-3293 Vulnerability Oracle VirtualBox CVE-2018-3294 Vulnerability Oracle VirtualBox CVE-2018-3295 Vulnerability Oracle VirtualBox CVE-2018-3296 Vulnerability Oracle VirtualBox CVE-2018-3297 Vulnerability Oracle VirtualBox CVE-2018-3298 Vulnerability Oracle VirtualBox CVE-2018-3309 Vulnerability Oracle Java JRE CVE-2020-14803 Vulnerability Oracle Java JDK CVE-2020-14803 Vulnerability Oracle VirtualBox CVE-2021-2073 Vulnerability Oracle VirtualBox CVE-2021-2074 Vulnerability Oracle VirtualBox CVE-2021-2086 Vulnerability Oracle VirtualBox CVE-2021-2111 Vulnerability Oracle VirtualBox CVE-2021-2112 Vulnerability Oracle VirtualBox CVE-2021-2119 Vulnerability Oracle VirtualBox CVE-2021-2120 Vulnerability Oracle VirtualBox CVE-2021-2121 Vulnerability Oracle VirtualBox CVE-2021-2123 Vulnerability Oracle VirtualBox CVE-2021-2124 Vulnerability Oracle VirtualBox CVE-2021-2125 Vulnerability Oracle VirtualBox CVE-2021-2126 Vulnerability Oracle VirtualBox CVE-2021-2127 Vulnerability Oracle VirtualBox CVE-2021-2128 Vulnerability Oracle VirtualBox CVE-2021-2129 Vulnerability Oracle VirtualBox CVE-2021-2130 Vulnerability Oracle VirtualBox CVE-2021-2131 Vulnerability Oracle VirtualBox CVE-2021-2145 Vulnerability Oracle VirtualBox CVE-2021-2250 Vulnerability Oracle VirtualBox CVE-2021-2264 Vulnerability Oracle VirtualBox CVE-2021-2266 Vulnerability Oracle VirtualBox CVE-2021-2279 Vulnerability Oracle VirtualBox CVE-2021-2280 Vulnerability Oracle VirtualBox CVE-2021-2281 Vulnerability Oracle VirtualBox CVE-2021-2282 Vulnerability Oracle VirtualBox CVE-2021-2283 Vulnerability Oracle VirtualBox CVE-2021-2284 Vulnerability Oracle VirtualBox CVE-2021-2285 Vulnerability Oracle VirtualBox CVE-2021-2286 Vulnerability Oracle VirtualBox CVE-2021-2287 Vulnerability Oracle VirtualBox CVE-2021-2291 Vulnerability Oracle VirtualBox CVE-2021-2296 Vulnerability Oracle VirtualBox CVE-2021-2297 Vulnerability Oracle VirtualBox CVE-2021-2306 Vulnerability Oracle VirtualBox CVE-2021-2309 Vulnerability Oracle VirtualBox CVE-2021-2310 Vulnerability Oracle VirtualBox CVE-2021-2312 Vulnerability Oracle VirtualBox CVE-2021-2409 Vulnerability Oracle Java JRE CVE-2021-2432 Vulnerability Oracle Java JDK CVE-2021-2432 Vulnerability Oracle VirtualBox CVE-2021-2442 Vulnerability Oracle VirtualBox CVE-2021-2443 Vulnerability Oracle VirtualBox CVE-2021-2454 Vulnerability Oracle VirtualBox CVE-2021-2475 Vulnerability Oracle Java JRE CVE-2021-3517 Out of Bounds Write Vulnerability Oracle Java JDK CVE-2021-3517 Out of Bounds Write Vulnerability Oracle Java JRE CVE-2021-3522 Out of Bounds Read Vulnerability Oracle Java JDK CVE-2021-3522 Out of Bounds Read Vulnerability Oracle VirtualBox CVE-2021-35538 Vulnerability Oracle VirtualBox CVE-2021-35540 Vulnerability Oracle VirtualBox CVE-2021-35542 Vulnerability Oracle VirtualBox CVE-2021-35545 Vulnerability Oracle Java JRE CVE-2021-35560 Vulnerability Oracle Java JDK CVE-2021-35560 Vulnerability Oracle VirtualBox CVE-2022-21295 Vulnerability Oracle VirtualBox CVE-2022-21394 Vulnerability Oracle VirtualBox CVE-2022-21465 Vulnerability Oracle VirtualBox CVE-2022-21471 Vulnerability Oracle VirtualBox CVE-2022-21487 Vulnerability Oracle VirtualBox CVE-2022-21488 Vulnerability Oracle VirtualBox CVE-2022-21491 Vulnerability Oracle VirtualBox CVE-2022-21554 Vulnerability Oracle VirtualBox CVE-2022-21571 Vulnerability Oracle VirtualBox CVE-2022-37434 Out of Bounds Write Vulnerability Oracle Java JRE CVE-2023-23918 Authorization Bypass Vulnerability Oracle Java JDK CVE-2023-23918 Authorization Bypass Vulnerability TeamViewer CVE-2023-0837 Authorization Bypass Vulnerability ImageMagick CVE-2023-1906 Buffer Overflow Vulnerability Python CVE-2023-27043 Input Validation Bypass Vulnerability Oracle Java JRE CVE-2023-22043 Vulnerability Oracle Java JDK CVE-2023-22043 Vulnerability Adobe Media Encoder CVE-2021-43757 Out of Bounds Read Vulnerability Adobe Media Encoder CVE-2021-43758 Out of Bounds Read Vulnerability Adobe Media Encoder CVE-2021-43759 Out of Bounds Read Vulnerability Adobe Media Encoder CVE-2021-43760 Out of Bounds Read Vulnerability ImageMagick CVE-2023-2157 Buffer Overflow Vulnerability QEMU CVE-2023-4135 Out of Bounds Read Vulnerability ImageMagick CVE-2023-39978 Denial of Service Vulnerability ImageMagick CVE-2022-28463 Buffer Overflow Vulnerability ImageMagick CVE-2021-3962 Use After Free Vulnerability ImageMagick CVE-2021-3574 Denial of Service Vulnerability Oracle MySQL CVE-2022-24407 SQL Injection Vulnerability Oracle MySQL CVE-2022-42898 Buffer Overflow Vulnerability Oracle MySQL CVE-2023-22095 Vulnerability Foxit PDF Reader CVE-2019-8342 Permission Bypass Vulnerability Oracle MySQL CVE-2023-5363 Vulnerability
Update Thu Feb 22 02:05:14 UTC 2024
Recent Commits to cve:main / 9mo
Update Thu Feb 22 02:05:14 UTC 2024
editors/openoffice-4 - 4.1.15
FreshPorts news / 9mo
Since we use the ports version of expat instead of bundling it into Remove the point release from the suffix appended to the names of
oss-security mailing list
Openwall - bringing security into open computing environments / 9mo
2024/01/28 #1: Re: Numerous unconfirmed FOSS CVEs disclosed on FD mailing list (Christian Brabandt <cb@...bit.org>) 2024/01/26 #2: Numerous unconfirmed FOSS CVEs disclosed on FD mailing list (Alan Coopersmith <alan.coopersmith@...cle.com>)
CTO at NCSC Summary: week ending January 14th
CTO at NCSC - Cyber Defence Analysis / 10mo
China Orders Banks, Insurers to Review Cyber and Data Security - In a directive sent at the end of last year, The National Financial Regulatory Administration asked banks and insurers to fix any identified loopholes to guard against the risk of ransomware attacks by mid-January, according to people familiar with the matter. The group is so understaffed that it is sometimes forced to work with anonymous “black hat” hackers, who may have previously attacked government websites but are willing to offer tips on looming threats, said Jeffrey Ian Dy, undersecretary at the Department of Information and Communications Technology.
See 22 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 8.8(18246)CWE-20(11385)CWE-88(244)Apache(2568)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial