CVE-2022-24406

Published: Jul 27, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

Affected (1)

Products: Open Xchange: Ox App Suite

Open Xchange

1 product

Ox App Suite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Open Xchange Ox App Suite	Up to 7.10.6

Related CWEs

CWE-330

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (4)

https://open-xchange.com

Source: cve@mitre.org

ProductVendor Advisory

https://seclists.org/fulldisclosure/2022/Jul/11

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://open-xchange.com

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://seclists.org/fulldisclosure/2022/Jul/11

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.