CVE-2014-5236

Published: Jan 31, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

Affected (21)

Products: Open Xchange: Open Xchange Appsuite

Open Xchange

1 product

Open Xchange Appsuite

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Open Xchange Open Xchange Appsuite	Up to 7.4.1
Open Xchange Open Xchange Appsuite	Version 7.4.2
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision10
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision1
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision2
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision3
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision4
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision5
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision6
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision7
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision8
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision9
Open Xchange Open Xchange Appsuite	Version 7.6.0
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision1
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision2
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision3
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision4
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision5
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision6
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision7
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision8