Vulnerabilities > CVE-2018-12609 - Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/151034/oxappsuite784783-xssxsrfdisclose.txt |
| id | PACKETSTORM:151034 |
| last seen | 2019-01-08 |
| published | 2019-01-07 |
| reporter | Secator |
| source | https://packetstormsecurity.com/files/151034/Ox-App-Suite-7.8.4-7.8.3-XSS-CSRF-Information-Disclosure.html |
| title | Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure |
References
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf
- https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf
- http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf
- http://seclists.org/fulldisclosure/2019/Jan/10