cve-2022-43699
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2025-02-06 20:00
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
0.07% (0.31532)
Summary
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).
References
cve@mitre.orghttps://open-xchange.comProduct
cve@mitre.orghttps://seclists.org/fulldisclosure/2023/Feb/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://open-xchange.comProduct
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/fulldisclosure/2023/Feb/3Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:40:06.233Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://open-xchange.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://seclists.org/fulldisclosure/2023/Feb/3",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 4.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "NONE",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-43699",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-06T20:00:29.315634Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-918",
                        description: "CWE-918 Server-Side Request Forgery (SSRF)",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-06T20:00:33.198Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-15T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://open-xchange.com",
            },
            {
               url: "https://seclists.org/fulldisclosure/2023/Feb/3",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-43699",
      datePublished: "2023-04-15T00:00:00.000Z",
      dateReserved: "2022-10-24T00:00:00.000Z",
      dateUpdated: "2025-02-06T20:00:33.198Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.10.6\", \"matchCriteriaId\": \"5BBF1862-B6FF-4F32-A3C1-59D28BA25F81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A4EAD2E-C3C3-4C79-8C42-375FFE638486\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*\", \"matchCriteriaId\": \"39198733-D227-4935-9A60-1026040D262F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C86EE81-8CD4-4131-969A-BDA24B9B48E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9E9C869-7DA9-4EFA-B613-82BA127F6CE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8FAA329-5893-412B-8349-4DA3023CC76E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB6A57A4-B18D-498D-9A8C-406797A6255C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F0977F0-90B4-48B4-BED6-C218B5CA5E03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D55DE67-8F93-48F3-BE54-D3A065479281\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*\", \"matchCriteriaId\": \"D27980B4-B71B-4DA8-B130-F0B5929F8E65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD1709BC-7DEB-4508-B3C3-B20F5FD001A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A6BDD5-259E-4DC3-A548-00CD0D459749\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8166FF4-77D8-4A12-92E5-615B3DA2E602\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*\", \"matchCriteriaId\": \"999F057B-7918-461A-B60C-3BE72E92CDC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*\", \"matchCriteriaId\": \"88FD1550-3715-493E-B674-9ECF3DD7A813\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*\", \"matchCriteriaId\": \"F31A4949-397F-4D1B-8AEA-AC7B335722F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*\", \"matchCriteriaId\": \"D33A91D4-CE21-486D-9469-B09060B8C637\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAFB199C-1D66-442D-AD7E-414DD339E1D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*\", \"matchCriteriaId\": \"26322561-2491-4DC7-B974-0B92B61A5BDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*\", \"matchCriteriaId\": \"733E4A65-821B-4187-AA3A-1ACD3E882C07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B0A0043-33E8-4440-92AC-DDD70EA39535\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*\", \"matchCriteriaId\": \"303205CC-8BDE-47EE-A675-9BA19983139A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C088014-47D6-4632-9FB5-2C7B1085B762\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*\", \"matchCriteriaId\": \"42CF6057-EB40-4208-9F1E-83213E97987C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*\", \"matchCriteriaId\": \"966BC23E-B8CE-4F98-B3A6-4B620E8808BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*\", \"matchCriteriaId\": \"7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*\", \"matchCriteriaId\": \"17D71CDE-3111-459B-8520-F62E0D5D2972\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D808ED6-F819-4014-BD24-4537D52DDFB0\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).\"}]",
         id: "CVE-2022-43699",
         lastModified: "2024-11-21T07:27:04.750",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
         published: "2023-04-15T02:15:07.217",
         references: "[{\"url\": \"https://open-xchange.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2023/Feb/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://open-xchange.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2023/Feb/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
         sourceIdentifier: "cve@mitre.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2022-43699\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-04-15T02:15:07.217\",\"lastModified\":\"2025-02-06T20:15:38.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.10.6\",\"matchCriteriaId\":\"5BBF1862-B6FF-4F32-A3C1-59D28BA25F81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A4EAD2E-C3C3-4C79-8C42-375FFE638486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*\",\"matchCriteriaId\":\"39198733-D227-4935-9A60-1026040D262F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C86EE81-8CD4-4131-969A-BDA24B9B48E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9E9C869-7DA9-4EFA-B613-82BA127F6CE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8FAA329-5893-412B-8349-4DA3023CC76E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB6A57A4-B18D-498D-9A8C-406797A6255C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F0977F0-90B4-48B4-BED6-C218B5CA5E03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D55DE67-8F93-48F3-BE54-D3A065479281\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*\",\"matchCriteriaId\":\"D27980B4-B71B-4DA8-B130-F0B5929F8E65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD1709BC-7DEB-4508-B3C3-B20F5FD001A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A6BDD5-259E-4DC3-A548-00CD0D459749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8166FF4-77D8-4A12-92E5-615B3DA2E602\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*\",\"matchCriteriaId\":\"999F057B-7918-461A-B60C-3BE72E92CDC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*\",\"matchCriteriaId\":\"88FD1550-3715-493E-B674-9ECF3DD7A813\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*\",\"matchCriteriaId\":\"F31A4949-397F-4D1B-8AEA-AC7B335722F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*\",\"matchCriteriaId\":\"D33A91D4-CE21-486D-9469-B09060B8C637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAFB199C-1D66-442D-AD7E-414DD339E1D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*\",\"matchCriteriaId\":\"26322561-2491-4DC7-B974-0B92B61A5BDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*\",\"matchCriteriaId\":\"733E4A65-821B-4187-AA3A-1ACD3E882C07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B0A0043-33E8-4440-92AC-DDD70EA39535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*\",\"matchCriteriaId\":\"303205CC-8BDE-47EE-A675-9BA19983139A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C088014-47D6-4632-9FB5-2C7B1085B762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*\",\"matchCriteriaId\":\"42CF6057-EB40-4208-9F1E-83213E97987C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*\",\"matchCriteriaId\":\"966BC23E-B8CE-4F98-B3A6-4B620E8808BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*\",\"matchCriteriaId\":\"7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D71CDE-3111-459B-8520-F62E0D5D2972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D808ED6-F819-4014-BD24-4537D52DDFB0\"}]}]}],\"references\":[{\"url\":\"https://open-xchange.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://seclists.org/fulldisclosure/2023/Feb/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://open-xchange.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://seclists.org/fulldisclosure/2023/Feb/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://open-xchange.com\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://seclists.org/fulldisclosure/2023/Feb/3\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:40:06.233Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-06T20:00:29.315634Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-06T20:00:21.771Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://open-xchange.com\"}, {\"url\": \"https://seclists.org/fulldisclosure/2023/Feb/3\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-04-15T00:00:00.000Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2022-43699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-06T20:00:33.198Z\", \"dateReserved\": \"2022-10-24T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-04-15T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.