Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-5236

Опубликовано: 31 янв. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
Версия до 7.4.1 (включая)
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:*

EPSS

Процентиль: 91%
0.06674
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-4rcc-r44q-jpcm

github
больше 3 лет назад

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

EPSS

Процентиль: 91%
0.06674
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22