← Back

CVE-2022-43698

nvd nist
Published: Apr 15, 2023Modified: Feb 6, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.

Affected (31)

Open Xchange
1 product
Ox App Suite
Configuration A
31 vulnerable
Vulnerable SoftwareAffected Versions
Open Xchange
Ox App Suite
Before 7.10.6
Ox App Suite
Version 7.10.6
Ox App Suite
Version 7.10.6 rev01
Ox App Suite
Version 7.10.6 rev02
Ox App Suite
Version 7.10.6 rev03
Ox App Suite
Version 7.10.6 rev04
Ox App Suite
Version 7.10.6 rev05
Ox App Suite
Version 7.10.6 rev06
Ox App Suite
Version 7.10.6 rev07
Ox App Suite
Version 7.10.6 rev08
Ox App Suite
Version 7.10.6 rev09
Ox App Suite
Version 7.10.6 rev10
Ox App Suite
Version 7.10.6 rev11
Ox App Suite
Version 7.10.6 rev12
Ox App Suite
Version 7.10.6 rev13
Ox App Suite
Version 7.10.6 rev14
Ox App Suite
Version 7.10.6 rev15
Ox App Suite
Version 7.10.6 rev16
Ox App Suite
Version 7.10.6 rev17
Ox App Suite
Version 7.10.6 rev18
Ox App Suite
Version 7.10.6 rev19
Ox App Suite
Version 7.10.6 rev20
Ox App Suite
Version 7.10.6 rev21
Ox App Suite
Version 7.10.6 rev22
Ox App Suite
Version 7.10.6 rev23
Ox App Suite
Version 7.10.6 rev24
Ox App Suite
Version 7.10.6 rev25
Ox App Suite
Version 7.10.6 rev26
Ox App Suite
Version 7.10.6 rev27
Ox App Suite
Version 7.10.6 rev28
Ox App Suite
Version 7.10.6 rev29

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.