7.10.4

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

LOW

network

low complexity

open-xchange

CWE-918

NVD

Published: 2021-07-22

Updated: 2022-02-10

Summary

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.

Vulnerable Configurations

Part	Description	Count
Application	Open-Xchange Open Xchange Open Xchange Appsuite 7.10.3 Open Xchange Open Xchange Appsuite 7.10.4	56

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://seclists.org/fulldisclosure/2021/Jul/33
https://www.open-xchange.com
http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2021/Jul/33