CVE-2022-43699

Name of the Vulnerable Software and Affected Versions OX App Suite versions prior to 7.10.6-rev30

Description The issue allows for Server-Side Request Forgery (SSRF) due to e-mail account discovery disregarding the deny-list. This can be exploited by an adversary who controls the DNS records of an external domain, which can be found in the host part of an e-mail address.

Recommendations For OX App Suite versions prior to 7.10.6-rev30, update to version 7.10.6-rev30 or later to resolve the issue. As a temporary workaround, consider restricting e-mail account discovery to prevent SSRF attacks until a patch is applied.