CVE-2021-25631 Vulnerability Details

  /     /     /  

CVE-2021-25631 Metadata Quick Info

CVE Published: 03/05/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: Document Fdn. | Vendor: The Document Foundation | Product: LibreOffice
Status : PUBLISHED

CVE-2021-25631 Description

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn\'t match the denylist but results in ShellExecute attempting to launch an executable type.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-184
CWE Name: CWE-184 Incomplete Denylist
Source: The Document Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2021-25631 Vulnerability Details