{}

{}

{}

{"affected_release": [{"advisory": "RHSA-2022:1766", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libreoffice-1:6.4.7.2-10.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}], "bugzilla": {"description": "libreoffice: Content Manipulation with Certificate Validation Attack", "id": "2013152", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013152"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-295", "details": ["A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity."], "name": "CVE-2021-25635", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libreoffice:flatpak/libreoffice", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-10-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-25635\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25635\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2021-25635/"], "threat_severity": "Moderate", "upstream_fix": "LibreOffice 7.0.5, LibreOffice 7.1.1"}