{"containers": {"cna": {"affected": [{"product": "Apache OpenOffice", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "4.1.10", "status": "affected", "version": "Apache OpenOffice", "versionType": "custom"}, {"lessThanOrEqual": "3.4", "status": "affected", "version": "OpenOffice.org", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany"}], "descriptions": [{"lang": "en", "value": "It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory."}], "metrics": [{"other": {"content": {"other": "moderate"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-11T11:06:15", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E"}, {"name": "[announce] 20211010 CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757%40%3Cannounce.apache.org%3E"}], "source": {"discovery": "UNKNOWN"}, "title": "Timestamp Manipulation with Signature Wrapping", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-41831", "STATE": "PUBLIC", "TITLE": "Timestamp Manipulation with Signature Wrapping"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OpenOffice", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache OpenOffice", "version_value": "4.1.10"}, {"version_affected": "<=", "version_name": "OpenOffice.org", "version_value": "3.4"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "moderate"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-347 Improper Verification of Cryptographic Signature"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E"}, {"name": "[announce] 20211010 CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757@%3Cannounce.apache.org%3E"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:22:24.979Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E"}, {"name": "[announce] 20211010 CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757%40%3Cannounce.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-41831", "datePublished": "2021-10-11T08:10:14", "dateReserved": "2021-09-30T00:00:00", "dateUpdated": "2024-08-04T03:22:24.979Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*", "matchCriteriaId": "62589ADA-E3D3-4FD6-BA05-F93991D689B1", "versionEndExcluding": "4.1.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory."}, {"lang": "es", "value": "Es posible que un atacante manipule la marca de tiempo de los documentos firmados. Todas las versiones de Apache OpenOffice hasta la 4.1.10 est\u00e1n afectadas. Se recomienda a usuarios que actualicen a la versi\u00f3n 4.1.11. Consulte CVE-2021-25634 para el aviso de LibreOffice"}], "id": "CVE-2021-41831", "lastModified": "2024-11-21T06:26:50.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-11T08:15:06.967", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757%40%3Cannounce.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/ra74d5057cdc781a36286a83e8bcbc90a7678f030ae73339c35dfc4f9%40%3Cusers.openoffice.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc5c277cb83e335696657c5f27da1d1e2b5cb48346b0b55415a233757%40%3Cannounce.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}