A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libreoffice: heap-based buffer overflow related to the ReadJPEG function (CVE-2017-8358)

  - LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and     crash) and possibly execute arbitrary code via a crafted RTF file. (CVE-2014-9093)

  - LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to     retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to     disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote     graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This     issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. (CVE-2020-12802)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The version of hsqldb installed on the remote host is prior to 1.8.1.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2557 advisory.

    A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libreoffice-7.1.8.1-11.el9 build changelog.

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Arbitrary File Write (CVE-2023-1183)

  - Remote documents loaded without prompt via IFrame (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.15. It is, therefore, affected by multiple vulnerabilities as stated in the vendor advisories and release notes.

  - Apache OpenOffice documents can contain links that call internal macros with arbitrary     arguments. Several URI Schemes are defined for this purpose. Links can be activated by     clicks, or by automatic document events. The execution of such links must be subject     to user approval. In the affected versions of Apache OpenOffice, approval for certain     links is not requested; when activated, such links could therefore result in arbitrary     script execution. This is a corner case of 2022-47502. (CVE-2023-47804)

  - An attacker can craft an OBD containing a 'database/script' file with a SCRIPT command     where the contents of the file could be written to a new file whose location was determined     by the attacker. (CVE-2023-1183)

  - In Apache OpenOffice and LibreOffice embedded content will be opened automatically without     that a warning is shown. (CVE-2012-5639)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4496-1 advisory.

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6933 advisory.

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6508 advisory.

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6933 advisory.

  - libreoffice: Empty entry in Java class path (CVE-2022-38745)

  - libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

  - libreoffice: Arbitrary file write (CVE-2023-1183)

  - libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:6933 advisory.

  - Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
    This may lead to run arbitrary Java code from the current directory. (CVE-2022-38745)

  - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation     LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow     when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as     AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected,     leading to an array index underflow, in which case there is a risk that arbitrary code could be executed.
    This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to     7.5.1. (CVE-2023-0950)

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

  - Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to     craft a document that would cause external links to be loaded without prompt. In the affected versions of     LibreOffice documents that used floating frames linked to external files, would load the contents of     those frames without prompting the user for permission to do so. This was inconsistent with the treatment     of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4     versions prior to 7.4.7; 7.5 versions prior to 7.5.3. (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6508 advisory.

  - libreoffice: Empty entry in Java class path (CVE-2022-38745)

  - libreoffice: Array index underflow in Calc formula parsing (CVE-2023-0950)

  - libreoffice: Arbitrary file write (CVE-2023-1183)

  - libreoffice: Remote documents loaded without prompt via IFrame (CVE-2023-2255)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by a vulnerability as referenced in the ALAS2LIBREOFFICE-2023-001 advisory.

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3468 advisory.

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3467 advisory.

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5436 advisory.

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5437 advisory.

  - A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script     file with a SCRIPT command where the contents of the file could be written to a new file whose location     was determined by the attacker. (CVE-2023-1183)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
199361	RHEL 7 : libreoffice (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
198272	Amazon Linux 2 : hsqldb (ALAS-2024-2557)	Nessus	Amazon Linux Local Security Checks	medium
191157	CentOS 9 : libreoffice-7.1.8.1-11.el9	Nessus	CentOS Local Security Checks	high
187659	Apache OpenOffice < 4.1.15 Multiple Vulnerabilities	Nessus	Windows	high
187658	Apache OpenOffice < 4.1.15 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
186170	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libreoffice (SUSE-SU-2023:4496-1)	Nessus	SuSE Local Security Checks	medium
186134	Oracle Linux 8 : libreoffice (ELSA-2023-6933)	Nessus	Oracle Linux Local Security Checks	high
185872	Oracle Linux 9 : libreoffice (ELSA-2023-6508)	Nessus	Oracle Linux Local Security Checks	high
185684	RHEL 8 : libreoffice (RHSA-2023:6933)	Nessus	Red Hat Local Security Checks	high
185632	CentOS 8 : libreoffice (CESA-2023:6933)	Nessus	CentOS Local Security Checks	high
185155	RHEL 9 : libreoffice (RHSA-2023:6508)	Nessus	Red Hat Local Security Checks	high
181992	Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2023-001)	Nessus	Amazon Linux Local Security Checks	medium
177654	Debian DLA-3468-1 : hsqldb1.8.0 - LTS security update	Nessus	Debian Local Security Checks	medium
177650	Debian DLA-3467-1 : hsqldb - LTS security update	Nessus	Debian Local Security Checks	medium
177489	Debian DSA-5436-1 : hsqldb1.8.0 - security update	Nessus	Debian Local Security Checks	medium
177488	Debian DSA-5437-1 : hsqldb - security update	Nessus	Debian Local Security Checks	medium

Detections

Analytics

CVE-2023-1183

medium

Tenable Plugins

critical

medium

high

high

high

medium

high

high

high

high

high

medium

medium

medium

medium

medium