cvelistv5 - cve-2022-43699

Source	URL	Tags
cve@mitre.org	https://open-xchange.com	Product
cve@mitre.org	https://seclists.org/fulldisclosure/2023/Feb/3	Mailing List, Third Party Advisory

Vendor	Product
n/a	n/a

ghsa-qgqh-6wpp-27c4

Vulnerability from github

Published

2023-04-15 03:30

Modified

2024-04-04 03:29

Severity

4.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-43699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-15T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).",
  "id": "GHSA-qgqh-6wpp-27c4",
  "modified": "2024-04-04T03:29:02Z",
  "published": "2023-04-15T03:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43699"
    },
    {
      "type": "WEB",
      "url": "https://open-xchange.com"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2023/Feb/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

oxas-adv-2022-0002

Vulnerability from csaf_ox

Published

2022-11-02 00:00

Modified

2024-01-22 00:00

Summary

OX App Suite Security Advisory OXAS-ADV-2022-0002

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "CRITICAL"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "lang": "en-US",
    "publisher": {
      "category": "vendor",
      "name": "Open-Xchange GmbH",
      "namespace": "https://open-xchange.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Release Notes",
        "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6188_7.10.5_2022-11-02.pdf"
      },
      {
        "category": "external",
        "summary": "Release Notes",
        "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6189_7.10.6_2022-11-02.pdf"
      },
      {
        "category": "self",
        "summary": "Canonical CSAF document",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2022/oxas-adv-2022-0002.json"
      },
      {
        "category": "self",
        "summary": "Markdown representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/md/2022/oxas-adv-2022-0002.md"
      },
      {
        "category": "self",
        "summary": "HTML representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/html/2022/oxas-adv-2022-0002.html"
      },
      {
        "category": "self",
        "summary": "Plain-text representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2022/oxas-adv-2022-0002.txt"
      }
    ],
    "title": "OX App Suite Security Advisory OXAS-ADV-2022-0002",
    "tracking": {
      "current_release_date": "2024-01-22T00:00:00+00:00",
      "generator": {
        "date": "2024-01-22T13:14:08+00:00",
        "engine": {
          "name": "OX CSAF",
          "version": "1.0.0"
        }
      },
      "id": "OXAS-ADV-2022-0002",
      "initial_release_date": "2022-11-02T00:00:00+01:00",
      "revision_history": [
        {
          "date": "2022-11-02T00:00:00+01:00",
          "number": "1",
          "summary": "Initial release"
        },
        {
          "date": "2024-01-22T00:00:00+00:00",
          "number": "2",
          "summary": "Public release"
        },
        {
          "date": "2024-01-22T00:00:00+00:00",
          "number": "3",
          "summary": "Public release"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.10.5-rev50",
                "product": {
                  "name": "OX App Suite frontend 7.10.5-rev50",
                  "product_id": "OXAS-FRONTEND_7.10.5-rev50",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev19",
                "product": {
                  "name": "OX App Suite frontend 7.10.6-rev19",
                  "product_id": "OXAS-FRONTEND_7.10.6-rev19",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev19:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.4",
                "product": {
                  "name": "OX App Suite frontend 8.4",
                  "product_id": "OXAS-FRONTEND_8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.5-rev51",
                "product": {
                  "name": "OX App Suite frontend 7.10.5-rev51",
                  "product_id": "OXAS-FRONTEND_7.10.5-rev51",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6188"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6189"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev20",
                "product": {
                  "name": "OX App Suite frontend 7.10.6-rev20",
                  "product_id": "OXAS-FRONTEND_7.10.6-rev20",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev20:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6188"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6189"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "OX App Suite frontend 8.5",
                  "product_id": "OXAS-FRONTEND_8.5",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.5:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev50",
                "product": {
                  "name": "OX App Suite frontend 7.6.3-rev50",
                  "product_id": "OXAS-FRONTEND_7.6.3-rev50",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev50:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev51",
                "product": {
                  "name": "OX App Suite frontend 7.6.3-rev51",
                  "product_id": "OXAS-FRONTEND_7.6.3-rev51",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev51:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6188"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6189"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OX App Suite frontend"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.10.5-rev50",
                "product": {
                  "name": "OX App Suite backend 7.10.5-rev50",
                  "product_id": "OXAS-BACKEND_7.10.5-rev50",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev50:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev29",
                "product": {
                  "name": "OX App Suite backend 7.10.6-rev29",
                  "product_id": "OXAS-BACKEND_7.10.6-rev29",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev29:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.4",
                "product": {
                  "name": "OX App Suite backend 8.4",
                  "product_id": "OXAS-BACKEND_8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.5-rev51",
                "product": {
                  "name": "OX App Suite backend 7.10.5-rev51",
                  "product_id": "OXAS-BACKEND_7.10.5-rev51",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev51:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6188"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6189"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev30",
                "product": {
                  "name": "OX App Suite backend 7.10.6-rev30",
                  "product_id": "OXAS-BACKEND_7.10.6-rev30",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev30:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6188"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6189"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.5",
                "product": {
                  "name": "OX App Suite backend 8.5",
                  "product_id": "OXAS-BACKEND_8.5",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.5:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev65",
                "product": {
                  "name": "OX App Suite backend 7.6.3-rev65",
                  "product_id": "OXAS-BACKEND_7.6.3-rev65",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev65:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev66",
                "product": {
                  "name": "OX App Suite backend 7.6.3-rev66",
                  "product_id": "OXAS-BACKEND_7.6.3-rev66",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev66:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6188"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6189"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.6",
                "product": {
                  "name": "OX App Suite backend 8.6",
                  "product_id": "OXAS-BACKEND_8.6",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.6:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.7",
                "product": {
                  "name": "OX App Suite backend 8.7",
                  "product_id": "OXAS-BACKEND_8.7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OX App Suite backend"
          }
        ],
        "category": "vendor",
        "name": "Open-Xchange GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-37306",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-07-29T10:34:17+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-1795"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Non-alphanumeric content can be injected by the user as JS content for the \"upsell\" module. As a result, the code will be executed during subsequent logins and opening the \"Portal\" application, enabling a persistent cross-site scripting attack vector."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.5-rev51",
          "OXAS-FRONTEND_7.10.6-rev20",
          "OXAS-FRONTEND_8.5"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.5-rev50",
          "OXAS-FRONTEND_7.10.6-rev19",
          "OXAS-FRONTEND_8.4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-21T16:16:36+02:00",
          "details": "Please deploy the provided updates and patch releases. We improved the allow-list sanitizing algorithm to deal with non-alphanumeric code.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.5-rev50",
            "OXAS-FRONTEND_7.10.6-rev19",
            "OXAS-FRONTEND_8.4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.5-rev50",
            "OXAS-FRONTEND_7.10.6-rev19",
            "OXAS-FRONTEND_8.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "XSS using \"upsell\" triggers"
    },
    {
      "cve": "CVE-2022-43696",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-09-26T10:30:45+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-1933"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "HTML content can be injected by the user as JS content for the \"upsell ads\" module. As a result, the code will be executed during subsequent logins and opening the \"Portal\" application, enabling a persistent cross-site scripting attack vector."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.5-rev51",
          "OXAS-FRONTEND_7.10.6-rev20",
          "OXAS-FRONTEND_7.6.3-rev51"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.5-rev50",
          "OXAS-FRONTEND_7.10.6-rev19",
          "OXAS-FRONTEND_7.6.3-rev50"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-21T16:07:30+02:00",
          "details": "Please deploy the provided updates and patch releases. We improved the sanitization process for upsell ads.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.5-rev50",
            "OXAS-FRONTEND_7.10.6-rev19",
            "OXAS-FRONTEND_7.6.3-rev50"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.5-rev50",
            "OXAS-FRONTEND_7.10.6-rev19",
            "OXAS-FRONTEND_7.6.3-rev50"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "XSS using \"upsell ads\""
    },
    {
      "cve": "CVE-2022-43697",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-08-16T09:40:05+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1784"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In case activity tracking adapters are enabled but not defined, users can use jslob to define own tracking settings for an account. This allows adding arbitrary values to trigger a specific URL or load a library."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.5-rev51",
          "OXAS-BACKEND_7.10.6-rev30",
          "OXAS-BACKEND_8.5"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.5-rev50",
          "OXAS-BACKEND_7.10.6-rev29",
          "OXAS-BACKEND_8.4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-25T17:06:19+02:00",
          "details": "Please deploy the provided updates and patch releases. We made the related jslob configuration endpoint read-only for users.",
          "product_ids": [
            "OXAS-BACKEND_7.10.5-rev50",
            "OXAS-BACKEND_7.10.6-rev29",
            "OXAS-BACKEND_8.4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.5-rev50",
            "OXAS-BACKEND_7.10.6-rev29",
            "OXAS-BACKEND_8.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "\"Tracking\" features can be used to inject arbitrary script code"
    },
    {
      "cve": "CVE-2022-43698",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-09-14T13:16:50+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1823"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "When changing a valid external POP3 mail account as a user, the operation to update the accounts settings did not consider deny-list values."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.5-rev51",
          "OXAS-BACKEND_7.10.6-rev30",
          "OXAS-BACKEND_8.5"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.5-rev50",
          "OXAS-BACKEND_7.10.6-rev29",
          "OXAS-BACKEND_8.4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-24T16:10:01+02:00",
          "details": "Please deploy the provided updates and patch releases. We now check compliance with existing deny-list content when updating POP3 mail accounts.",
          "product_ids": [
            "OXAS-BACKEND_7.10.5-rev50",
            "OXAS-BACKEND_7.10.6-rev29",
            "OXAS-BACKEND_8.4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.5-rev50",
            "OXAS-BACKEND_7.10.6-rev29",
            "OXAS-BACKEND_8.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine \"internal\" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "SSRF using POP3 account updates"
    },
    {
      "cve": "CVE-2022-43699",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-10-06T13:09:35+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1862"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The external E-Mail autodiscovery feature performs connections checks based on the E-Mail addresses host-part. Those do not take existing deny-lists into respect, allowing attackers with access to DNS records of a domain to redirect requests to illegal addresses."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.5-rev51",
          "OXAS-BACKEND_7.10.6-rev30",
          "OXAS-BACKEND_7.6.3-rev66",
          "OXAS-BACKEND_8.6"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.5-rev50",
          "OXAS-BACKEND_7.10.6-rev29",
          "OXAS-BACKEND_7.6.3-rev65",
          "OXAS-BACKEND_8.5"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-07T16:24:39+01:00",
          "details": "Please deploy the provided updates and patch releases. We check for compliance with existing deny-list content when performing mail account autodiscovery.",
          "product_ids": [
            "OXAS-BACKEND_7.10.5-rev50",
            "OXAS-BACKEND_7.10.6-rev29",
            "OXAS-BACKEND_7.6.3-rev65",
            "OXAS-BACKEND_8.5"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.5-rev50",
            "OXAS-BACKEND_7.10.6-rev29",
            "OXAS-BACKEND_7.6.3-rev65",
            "OXAS-BACKEND_8.5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Server-initiated requests can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine \"internal\" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "Mail account discovery can be abused for SSRF"
    },
    {
      "cve": "CVE-2022-42889",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2022-10-19T13:46:58+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1882"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A critical vulnerability at the Apache Commons Text library has been identified, which is used by OX App Suite and OX Documents. However, our products do not directly use the vulnerable StringSubstitutor class. Based on current knowledge that means our products are not vulnerable."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.5-rev51",
          "OXAS-BACKEND_7.10.6-rev30",
          "OXAS-BACKEND_8.7"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.5-rev50",
          "OXAS-BACKEND_7.10.6-rev29",
          "OXAS-BACKEND_8.6"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-21T10:32:30+02:00",
          "details": "Please deploy the provided updates and patch releases. We provided a update for this library to resolve the risk as a precaution, in case custom implementations use the vulnerable class.",
          "product_ids": [
            "OXAS-BACKEND_7.10.5-rev50",
            "OXAS-BACKEND_7.10.6-rev29",
            "OXAS-BACKEND_8.6"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.5-rev50",
            "OXAS-BACKEND_7.10.6-rev29",
            "OXAS-BACKEND_8.6"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Remote Code Execution, see CVE-2022-42889."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "Apache Commons Text (CVE-2022-42889)"
    }
  ]
}

gsd-2022-43699

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).

Aliases

CVE-2022-43699

Aliases

CVE-2022-43699

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-43699",
    "id": "GSD-2022-43699"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43699"
      ],
      "details": "OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).",
      "id": "GSD-2022-43699",
      "modified": "2023-12-13T01:19:31.478502Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-43699",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://open-xchange.com",
            "refsource": "MISC",
            "url": "https://open-xchange.com"
          },
          {
            "name": "https://seclists.org/fulldisclosure/2023/Feb/3",
            "refsource": "MISC",
            "url": "https://seclists.org/fulldisclosure/2023/Feb/3"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.10.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-43699"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-918"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://seclists.org/fulldisclosure/2023/Feb/3",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2023/Feb/3"
            },
            {
              "name": "https://open-xchange.com",
              "refsource": "MISC",
              "tags": [
                "Product"
              ],
              "url": "https://open-xchange.com"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-04-24T19:46Z",
      "publishedDate": "2023-04-15T02:15Z"
    }
  }
}

Action not permitted

cve-2022-43699

Vulnerability from cvelistv5

ghsa-qgqh-6wpp-27c4

Vulnerability from github

oxas-adv-2022-0002

Vulnerability from csaf_ox

gsd-2022-43699

Vulnerability from gsd

Tags