{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T11:21:03.672","vulnerabilities":[{"cve":{"id":"CVE-2018-16858","sourceIdentifier":"secalert@redhat.com","published":"2019-03-25T18:29:00.463","lastModified":"2024-11-21T03:53:27.727","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."},{"lang":"es","value":"Se ha observado que libreoffice en versiones anteriores a la 6.0.7 y 6.1.3 era vulnerable a ataques de salto de directorio que podrían ser usados para ejecutar macros arbitrarios incluidos en un documento. Un atacante podría manipular un documento que, al ser abierto por LibreOffice, ejecute un método Python desde un script en cualquier ubicación arbitrara del sistema de archivos, especificada de forma relativa a la ubicación de instalación de LibreOffice."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-356"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.7","matchCriteriaId":"3962F032-670C-45E8-8AF4-0D3CF08D7D3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"6.1.3","matchCriteriaId":"3E9BC0F2-B5E0-4AE8-B5CD-B360A97D4273"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html","source":"secalert@redhat.com"},{"url":"http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2130","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Aug/28","source":"secalert@redhat.com"},{"url":"https://www.exploit-db.com/exploits/46727/","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2130","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Aug/28","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/46727/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}