← Back

CVE-2022-37313

nvd nist
Published: Dec 26, 2022Modified: Apr 14, 2025

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

Affected (53)

Open Xchange
1 product
Open Xchange Appsuite
Configuration A
53 vulnerable
Vulnerable SoftwareAffected Versions
Open Xchange
Open Xchange Appsuite
Before 7.10.5
Open Xchange Appsuite
Version 7.10.5
Open Xchange Appsuite
Version 7.10.5 patch_release_5961
Open Xchange Appsuite
Version 7.10.5 patch_release_5973
Open Xchange Appsuite
Version 7.10.5 patch_release_5976
Open Xchange Appsuite
Version 7.10.5 patch_release_5982
Open Xchange Appsuite
Version 7.10.5 patch_release_5989
Open Xchange Appsuite
Version 7.10.5 patch_release_5994
Open Xchange Appsuite
Version 7.10.5 patch_release_6000
Open Xchange Appsuite
Version 7.10.5 patch_release_6003
Open Xchange Appsuite
Version 7.10.5 patch_release_6008
Open Xchange Appsuite
Version 7.10.5 patch_release_6010
Open Xchange Appsuite
Version 7.10.5 patch_release_6016
Open Xchange Appsuite
Version 7.10.5 patch_release_6020
Open Xchange Appsuite
Version 7.10.5 patch_release_6026
Open Xchange Appsuite
Version 7.10.5 patch_release_6029
Open Xchange Appsuite
Version 7.10.5 patch_release_6034
Open Xchange Appsuite
Version 7.10.5 patch_release_6035
Open Xchange Appsuite
Version 7.10.5 patch_release_6038
Open Xchange Appsuite
Version 7.10.5 patch_release_6046
Open Xchange Appsuite
Version 7.10.5 patch_release_6051
Open Xchange Appsuite
Version 7.10.5 patch_release_6053
Open Xchange Appsuite
Version 7.10.5 patch_release_6060
Open Xchange Appsuite
Version 7.10.5 patch_release_6061
Open Xchange Appsuite
Version 7.10.5 patch_release_6066
Open Xchange Appsuite
Version 7.10.5 patch_release_6068
Open Xchange Appsuite
Version 7.10.5 patch_release_6072
Open Xchange Appsuite
Version 7.10.5 patch_release_6079
Open Xchange Appsuite
Version 7.10.5 patch_release_6084
Open Xchange Appsuite
Version 7.10.5 patch_release_6092
Open Xchange Appsuite
Version 7.10.5 patch_release_6101
Open Xchange Appsuite
Version 7.10.5 patch_release_6111
Open Xchange Appsuite
Version 7.10.5 patch_release_6120
Open Xchange Appsuite
Version 7.10.5 patch_release_6132
Open Xchange Appsuite
Version 7.10.5 patch_release_6137
Open Xchange Appsuite
Version 7.10.5 patch_release_6140
Open Xchange Appsuite
Version 7.10.5 patch_release_6149
Open Xchange Appsuite
Version 7.10.6
Open Xchange Appsuite
Version 7.10.6 patch_release_6069
Open Xchange Appsuite
Version 7.10.6 patch_release_6073
Open Xchange Appsuite
Version 7.10.6 patch_release_6080
Open Xchange Appsuite
Version 7.10.6 patch_release_6085
Open Xchange Appsuite
Version 7.10.6 patch_release_6093
Open Xchange Appsuite
Version 7.10.6 patch_release_6102
Open Xchange Appsuite
Version 7.10.6 patch_release_6112
Open Xchange Appsuite
Version 7.10.6 patch_release_6121
Open Xchange Appsuite
Version 7.10.6 patch_release_6133
Open Xchange Appsuite
Version 7.10.6 patch_release_6138
Open Xchange Appsuite
Version 7.10.6 patch_release_6141
Open Xchange Appsuite
Version 7.10.6 patch_release_6146
Open Xchange Appsuite
Version 7.10.6 patch_release_6147
Open Xchange Appsuite
Version 7.10.6 patch_release_6148
Open Xchange Appsuite
Version 7.10.6 patch_release_6150

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory

Timeline

No history available yet.