CVE-2021-26699

Опубликовано: 22 июл. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 5.8

EPSS Низкий

Описание

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.

Ссылки

http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2021/Jul/33
Mailing List
Third Party Advisory
https://seclists.org/fulldisclosure/2021/Jul/33
Mailing List
Third Party Advisory
https://www.open-xchange.com
Vendor Advisory
http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2021/Jul/33
Mailing List
Third Party Advisory
https://seclists.org/fulldisclosure/2021/Jul/33
Mailing List
Third Party Advisory
https://www.open-xchange.com
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev12:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev13:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev14:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev15:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev16:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev17:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev18:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev19:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev2:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev20:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev21:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev22:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev23:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev24:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev25:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev26:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev27:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev28:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev29:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev3:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev30:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev31:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev4:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev5:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev6:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev7:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev8:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev9:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:-:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev1:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev10:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev11:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev12:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev13:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev14:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev15:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev16:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev17:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev2:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev3:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev4:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev5:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev6:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev7:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev8:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.4:rev9:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00473

Низкий

5.4 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-2j6h-hwqg-cgj9

github

больше 3 лет назад