Jorg Schwenk

Researcher fromRuhr University Bochum, Germany
#10065of 53,633
27.4Total CVSS
Vulnerabilities · 4
Medium
2
High
2
PT-2021-4375
7.8
2021-09-23
Apache · Apache Openoffice · CVE-2021-41832
**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions prior to 4.1.11 **Description** The issue is related to errors in cryptographic signature verification, allowing a remote attacker to modify the content of an ODF document. It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. **Recommendations** For versions prior to 4.1.11, update to version 4.1.11 to resolve the issue. As a temporary workaround, consider restricting the use of cryptographic signature verification features until the update is applied.
PT-2021-4758
7.8
2021-09-23
Apache · Apache Openoffice · CVE-2021-41830
**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions 4.1.10 and earlier **Description** The issue is related to errors in cryptographic signature verification, allowing an attacker to manipulate signed documents and macros to appear as if they come from a trusted source. **Recommendations** For Apache OpenOffice versions 4.1.10 and earlier, update to version 4.1.11 to resolve the issue.
PT-2021-5406
5.3
2021-09-23
Apache · Apache Openoffice · CVE-2021-41831
**Name of the Vulnerable Software and Affected Versions** Apache OpenOffice versions prior to 4.1.11 **Description** The issue is related to errors in checking signed documents, which can be exploited by a remote attacker to compromise the integrity of information. It is possible for an attacker to manipulate the timestamp of signed documents. **Recommendations** For versions prior to 4.1.11, update to version 4.1.11 to resolve the issue. As a temporary workaround, consider restricting the use of signed documents until the update is applied.
PT-2011-3777
6.5
2011-06-02
Apache · Apache Rampart/C · CVE-2011-2329
**Name of the Vulnerable Software and Affected Versions** Apache Rampart/C version 1.3.0 **Description** The issue is related to the improper calculation of the expiration of timestamp tokens by the `rampart timestamp token validate` function. This allows remote attackers to bypass intended access restrictions by using an expired token. **Recommendations** For Apache Rampart/C version 1.3.0, consider disabling the `rampart timestamp token validate` function until a patch is available to properly calculate the expiration of timestamp tokens.