7.10.3

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

open-xchange

NVD

Published: 2020-10-23

Updated: 2021-07-21

Summary

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).

Vulnerable Configurations

Part	Description	Count
Application	Open-Xchange Open Xchange Open Xchange Appsuite 7.10.2 Open Xchange Open Xchange Appsuite 7.10.3	2

References

https://www.open-xchange.com/
https://seclists.org/fulldisclosure/2020/Oct/20