oxas-adv-2023-0005
Vulnerability from csaf_ox
Published
2023-09-19 00:00
Modified
2024-01-22 00:00
Summary
OX App Suite Security Advisory OXAS-ADV-2023-0005
{ document: { aggregate_severity: { text: "HIGH", }, category: "csaf_security_advisory", csaf_version: "2.0", lang: "en-US", publisher: { category: "vendor", name: "Open-Xchange GmbH", namespace: "https://open-xchange.com/", }, references: [ { category: "external", summary: "Release Notes", url: "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf", }, { category: "self", summary: "Canonical CSAF document", url: "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json", }, { category: "self", summary: "Markdown representation", url: "https://documentation.open-xchange.com/appsuite/security/advisories/md/2023/oxas-adv-2023-0005.md", }, { category: "self", summary: "HTML representation", url: "https://documentation.open-xchange.com/appsuite/security/advisories/html/2023/oxas-adv-2023-0005.html", }, { category: "self", summary: "Plain-text representation", url: "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2023/oxas-adv-2023-0005.txt", }, ], title: "OX App Suite Security Advisory OXAS-ADV-2023-0005", tracking: { current_release_date: "2024-01-22T00:00:00+00:00", generator: { date: "2024-01-22T15:43:48+00:00", engine: { name: "OX CSAF", version: "1.0.0", }, }, id: "OXAS-ADV-2023-0005", initial_release_date: "2023-09-19T00:00:00+02:00", revision_history: [ { date: "2023-09-19T00:00:00+02:00", number: "1", summary: "Initial release", }, { date: "2024-01-22T00:00:00+00:00", number: "2", summary: "Public release", }, { date: "2024-01-22T00:00:00+00:00", number: "3", summary: "Public release", }, { date: "2024-01-22T00:00:00+00:00", number: "4", summary: "Public release", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "7.10.6-rev50", product: { name: "OX App Suite backend 7.10.6-rev50", product_id: "OXAS-BACKEND_7.10.6-rev50", 
product_identification_helper: { cpe: "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev50:*:*:*:*:*:*", }, }, }, { category: "product_version", name: "7.10.6-rev51", product: { name: "OX App Suite backend 7.10.6-rev51", product_id: "OXAS-BACKEND_7.10.6-rev51", product_identification_helper: { cpe: "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev51:*:*:*:*:*:*", x_generic_uris: [ { namespace: "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing", uri: "urn:open-xchange:app_suite:patch-id:6248", }, ], }, }, }, { category: "product_version", name: "8.16", product: { name: "OX App Suite backend 8.16", product_id: "OXAS-BACKEND_8.16", product_identification_helper: { cpe: "cpe:2.3:a:open-xchange:app_suite:8.16:*:*:*:*:*:*:*", }, }, }, { category: "product_version", name: "8.17", product: { name: "OX App Suite backend 8.17", product_id: "OXAS-BACKEND_8.17", product_identification_helper: { cpe: "cpe:2.3:a:open-xchange:app_suite:8.17:*:*:*:*:*:*:*", }, }, }, ], category: "product_name", name: "OX App Suite backend", }, { branches: [ { category: "product_version", name: "7.10.6-rev33", product: { name: "OX App Suite frontend 7.10.6-rev33", product_id: "OXAS-FRONTEND_7.10.6-rev33", product_identification_helper: { cpe: "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev33:*:*:*:*:*:*", }, }, }, { category: "product_version", name: "7.10.6-rev34", product: { name: "OX App Suite frontend 7.10.6-rev34", product_id: "OXAS-FRONTEND_7.10.6-rev34", product_identification_helper: { cpe: "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev34:*:*:*:*:*:*", x_generic_uris: [ { namespace: "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing", uri: "urn:open-xchange:app_suite:patch-id:6248", }, ], }, }, }, ], category: "product_name", name: "OX App Suite frontend", }, ], category: "vendor", name: "Open-Xchange GmbH", }, ], }, vulnerabilities: [ { cve: "CVE-2023-29048", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS 
Command ('OS Command Injection')", }, discovery_date: "2023-08-08T08:49:07+02:00", ids: [ { system_name: "OX Bug", text: "MWB-2261", }, ], notes: [ { category: "description", text: "A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user.", }, ], product_status: { first_fixed: [ "OXAS-BACKEND_7.10.6-rev51", ], last_affected: [ "OXAS-BACKEND_7.10.6-rev50", ], }, remediations: [ { category: "vendor_fix", date: "2023-09-14T12:51:09+02:00", details: "Please deploy the provided updates and patch releases. The template engine has been reconfigured to deny execution of harmful commands on a system level.", product_ids: [ "OXAS-BACKEND_7.10.6-rev50", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "OXAS-BACKEND_7.10.6-rev50", ], }, ], threats: [ { category: "impact", details: "Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources.", }, { category: "exploit_status", details: "No publicly available exploits are known.", }, ], title: "OXMF templates allow remote code execution", }, { cve: "CVE-2023-29050", cwe: { id: "CWE-90", name: "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", }, discovery_date: "2023-08-17T20:59:06+02:00", ids: [ { system_name: "OX Bug", text: "MWB-2274", }, ], notes: [ { category: "description", text: "The optional \"LDAP contacts provider\" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy.", }, ], 
product_status: { first_fixed: [ "OXAS-BACKEND_7.10.6-rev51", "OXAS-BACKEND_8.17", ], last_affected: [ "OXAS-BACKEND_7.10.6-rev50", "OXAS-BACKEND_8.16", ], }, remediations: [ { category: "vendor_fix", date: "2023-09-18T08:29:07+02:00", details: "Please deploy the provided updates and patch releases. Encoding has been added for user-provided fragments that are used when constructing the LDAP query.", product_ids: [ "OXAS-BACKEND_7.10.6-rev50", "OXAS-BACKEND_8.16", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, products: [ "OXAS-BACKEND_7.10.6-rev50", "OXAS-BACKEND_8.16", ], }, ], threats: [ { category: "impact", details: "Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service.", }, { category: "exploit_status", details: "No publicly available exploits are known.", }, ], title: "LDAP filter injection vulnerability in Contacts Provider LDAP", }, { cve: "CVE-2023-29049", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-08-14T14:15:50+02:00", ids: [ { system_name: "OX Bug", text: "OXUIB-2489", }, ], notes: [ { category: "description", text: "The \"upsell\" widget at the portal page could be abused to inject arbitrary script code.", }, ], product_status: { first_fixed: [ "OXAS-FRONTEND_7.10.6-rev34", ], last_affected: [ "OXAS-FRONTEND_7.10.6-rev33", ], }, remediations: [ { category: "vendor_fix", date: "2023-09-18T15:22:30+02:00", details: "Please deploy the provided updates and patch releases. 
User input for this widget is now sanitized to avoid malicious content to be processed.", product_ids: [ "OXAS-FRONTEND_7.10.6-rev33", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "OXAS-FRONTEND_7.10.6-rev33", ], }, ], threats: [ { category: "impact", details: "Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain.", }, { category: "exploit_status", details: "No publicly available exploits are known.", }, ], title: "XSS in upsell portal widget", }, ], }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.