How severe is CVE-2022-3140?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2022-3140?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2022-3140 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.

Related Vulnerabilities

CVE-2015-6864

MEDIUM

CVSS:6.3(Medium)

HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

CWE-202015

CVE-2016-0276

MEDIUM

CVSS:6.3(Medium)

IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0...

CWE-202016

CVE-2016-9955

MEDIUM

CVSS:6.3(Medium)

The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consum...

CWE-202016