{
  "threat_severity" : "Moderate",
  "public_date" : "2018-02-12T00:00:00Z",
  "bugzilla" : {
    "description" : "libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula",
    "id" : "1543120",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1543120"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.", "A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2018-03-13T00:00:00Z",
    "advisory" : "RHSA-2018:0517",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "libreoffice-1:4.3.7.2-2.el6_9.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-03-06T00:00:00Z",
    "advisory" : "RHSA-2018:0418",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libreoffice-1:5.0.6.2-15.el7_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libreoffice",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-6871\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6871\nhttps://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/" ],
  "name" : "CVE-2018-6871",
  "csaw" : false
}