{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "69351", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69351"}, {"name": "60235", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60235"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"name": "20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/533200/100/0/threaded"}, {"name": "apache-openoffice-cve20143524-command-exec(95421)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95421"}, {"name": "1030755", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030755"}, {"name": "59877", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59877"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openoffice.org/security/cves/CVE-2014-3524.html"}, {"name": "GLSA-201603-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-05"}, {"name": "59600", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59600"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:16.810Z"}, "title": "CVE Program Container", "references": [{"name": "69351", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69351"}, {"name": "60235", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60235"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"name": "20140821 CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/533200/100/0/threaded"}, {"name": "apache-openoffice-cve20143524-command-exec(95421)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95421"}, {"name": "1030755", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030755"}, {"name": "59877", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59877"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openoffice.org/security/cves/CVE-2014-3524.html"}, {"name": "GLSA-201603-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-05"}, {"name": "59600", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59600"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3524", "datePublished": "2014-08-26T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:16.810Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "B33E0CB6-2B56-45AC-9268-8AD54AC99DC0", "versionEndExcluding": "4.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEF647EF-54CE-43BC-A5D2-5FA854BEFB46", "versionEndExcluding": "4.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "4341B2DF-D74B-4EF6-8975-35E18308797B", "versionEndExcluding": "4.3.1", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet."}, {"lang": "es", "value": "Apache OpenOffice anterior a 4.1.1 permite a atacantes remotos ejecutar comandos arbitrarios y posiblemente tener otro impacto no especificado a trav\u00e9s de una hoja de c\u00e1lculo Calc manipulada."}], "id": "CVE-2014-3524", "lastModified": "2022-02-07T16:25:26.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-08-26T14:55:05.923", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://blog.documentfoundation.org/2014/08/28/libreoffice-4-3-1-fresh-announced/"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59600"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/59877"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/60235"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.openoffice.org/security/cves/CVE-2014-3524.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/533200/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/69351"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030755"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95421"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201603-05"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libreoffice/openoffice.org: CSV command injection and DDE formulas", "id": "1134172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1134172"}, "csaw": false, "cvss": {"cvss_base_score": "4.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet."], "name": "CVE-2014-3524", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "openoffice.org", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-08-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3524\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3524"], "statement": "Not vulnerable. This issue does not affect the version of OpenOffice as shipped in Red Hat Enterprise Linux 5. This issue does not affect the version of LibreOffice as shipped in Red Hat Enterprise Linux 6 and 7.", "threat_severity": "Moderate"}