Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00534
Percentile: 0.66403

CVSS Scoring

Mapped CWE(s)

• CWE-611 : Improper Restriction of XML External Entity Reference

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:librdf:raptor:*:*:*:*:*:*:*:*
• cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*
• cpe:2.3:a:libreoffice:libreoffice:3.5.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:openoffice:3.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache:openoffice:3.4.0:beta:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
• cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

← Back to Home