CVE-2014-5238

Published: Jan 14, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.

Affected (21)

Products: Open Xchange: Open Xchange Appsuite

Open Xchange

1 product

Open Xchange Appsuite

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Open Xchange Open Xchange Appsuite	Up to 7.4.1
Open Xchange Open Xchange Appsuite	Version 7.4.2
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision10
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision1
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision2
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision3
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision4
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision5
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision6
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision7
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision8
Open Xchange Open Xchange Appsuite	Version 7.4.2 revision9
Open Xchange Open Xchange Appsuite	Version 7.6.0
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision1
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision2
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision3
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision4
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision5
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision6
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision7
Open Xchange Open Xchange Appsuite	Version 7.6.0 revision8