CVE-2021-28095

Опубликовано: 30 июл. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 5.8

EPSS Низкий

Описание

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.

Ссылки

http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2021/Jul/37
Mailing List
Third Party Advisory
https://www.open-xchange.com
Product
http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2021/Jul/37
Mailing List
Third Party Advisory
https://www.open-xchange.com
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:open-xchange:open-xchange_documents:*:*:*:*:*:*:*:*

Версия до 7.10.5 (исключая)

cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:-:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision1:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision2:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision3:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision4:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00146

Низкий

4.8 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-326

Связанные уязвимости

GHSA-jjv6-934h-3qjm