← Back

CVE-2021-26699

nvd nist
Published: Jul 22, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.

Affected (56)

Open Xchange
1 product
Open Xchange Appsuite
Configuration A
56 vulnerable
Vulnerable SoftwareAffected Versions
Open Xchange
Open Xchange Appsuite
Version 7.10.3
Open Xchange Appsuite
Version 7.10.3 patch_release5547
Open Xchange Appsuite
Version 7.10.3 patch_release5572
Open Xchange Appsuite
Version 7.10.3 patch_release5623
Open Xchange Appsuite
Version 7.10.3 patch_release5653
Open Xchange Appsuite
Version 7.10.3 patch_release5677
Open Xchange Appsuite
Version 7.10.3 patch_release5720
Open Xchange Appsuite
Version 7.10.3 rev10
Open Xchange Appsuite
Version 7.10.3 rev11
Open Xchange Appsuite
Version 7.10.3 rev12
Open Xchange Appsuite
Version 7.10.3 rev13
Open Xchange Appsuite
Version 7.10.3 rev14
Open Xchange Appsuite
Version 7.10.3 rev15
Open Xchange Appsuite
Version 7.10.3 rev16
Open Xchange Appsuite
Version 7.10.3 rev17
Open Xchange Appsuite
Version 7.10.3 rev18
Open Xchange Appsuite
Version 7.10.3 rev19
Open Xchange Appsuite
Version 7.10.3 rev1
Open Xchange Appsuite
Version 7.10.3 rev20
Open Xchange Appsuite
Version 7.10.3 rev21
Open Xchange Appsuite
Version 7.10.3 rev22
Open Xchange Appsuite
Version 7.10.3 rev23
Open Xchange Appsuite
Version 7.10.3 rev24
Open Xchange Appsuite
Version 7.10.3 rev25
Open Xchange Appsuite
Version 7.10.3 rev26
Open Xchange Appsuite
Version 7.10.3 rev27
Open Xchange Appsuite
Version 7.10.3 rev28
Open Xchange Appsuite
Version 7.10.3 rev29
Open Xchange Appsuite
Version 7.10.3 rev2
Open Xchange Appsuite
Version 7.10.3 rev30
Open Xchange Appsuite
Version 7.10.3 rev31
Open Xchange Appsuite
Version 7.10.3 rev3
Open Xchange Appsuite
Version 7.10.3 rev4
Open Xchange Appsuite
Version 7.10.3 rev5
Open Xchange Appsuite
Version 7.10.3 rev6
Open Xchange Appsuite
Version 7.10.3 rev7
Open Xchange Appsuite
Version 7.10.3 rev8
Open Xchange Appsuite
Version 7.10.3 rev9
Open Xchange Appsuite
Version 7.10.4
Open Xchange Appsuite
Version 7.10.4 rev10
Open Xchange Appsuite
Version 7.10.4 rev11
Open Xchange Appsuite
Version 7.10.4 rev12
Open Xchange Appsuite
Version 7.10.4 rev13
Open Xchange Appsuite
Version 7.10.4 rev14
Open Xchange Appsuite
Version 7.10.4 rev15
Open Xchange Appsuite
Version 7.10.4 rev16
Open Xchange Appsuite
Version 7.10.4 rev17
Open Xchange Appsuite
Version 7.10.4 rev1
Open Xchange Appsuite
Version 7.10.4 rev2
Open Xchange Appsuite
Version 7.10.4 rev3
Open Xchange Appsuite
Version 7.10.4 rev4
Open Xchange Appsuite
Version 7.10.4 rev5
Open Xchange Appsuite
Version 7.10.4 rev6
Open Xchange Appsuite
Version 7.10.4 rev7
Open Xchange Appsuite
Version 7.10.4 rev8
Open Xchange Appsuite
Version 7.10.4 rev9

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (8)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.