Lucene search

Ubuntu.comUB:CVE-2021-25631

HistoryMay 03, 2021 - 12:00 a.m.

CVE-2021-25631

2021-05-0300:00:00

ubuntu.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

65.1%

JSON

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0
series in versions prior to 7.0.5, the denylist can be circumvented by
manipulating the link so it doesn’t match the denylist but results in
ShellExecute attempting to launch an executable type.

Notes

Author	Note
mdeslaur	This is a windows-specific CVE

References

launchpad.net/bugs/cve/CVE-2021-25631

nvd.nist.gov/vuln/detail/CVE-2021-25631

positive.security/blog/url-open-rce#open-libreoffice

security-tracker.debian.org/tracker/CVE-2021-25631

www.cve.org/CVERecord?id=CVE-2021-25631

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

65.1%

JSON

Related for UB:CVE-2021-25631