Vulnerabilities > CVE-2014-5237 - Cross-Site Request Forgery vulnerability in Open-Xchange APP Suite 7.4.2/7.6.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
open-xchange
Summary
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview. <a href="http://cwe.mitre.org/data/definitions/918.html" rel="nofollow">CWE-918: Server-Side Request Forgery (SSRF)</a>
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |