PT-2018-17128 · Open Xchange · Open-Xchange Appsuite
Pnig0S
+1
·
Published
2018-06-15
·
Updated
2018-08-03
·
CVE-2018-5755
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Open-Xchange OX App Suite versions prior to 7.6.3-rev3
Open-Xchange OX App Suite versions 7.8.x prior to 7.8.2-rev4
Open-Xchange OX App Suite versions 7.8.3 prior to 7.8.3-rev5
Open-Xchange OX App Suite versions 7.8.4 prior to 7.8.4-rev4
Description:
The issue allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet, due to an absolute path traversal vulnerability in the readerengine component.
Recommendations:
For versions prior to 7.6.3-rev3, update to version 7.6.3-rev3 or later.
For versions 7.8.x prior to 7.8.2-rev4, update to version 7.8.2-rev4 or later.
For versions 7.8.3 prior to 7.8.3-rev5, update to version 7.8.3-rev5 or later.
For versions 7.8.4 prior to 7.8.4-rev4, update to version 7.8.4-rev4 or later.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open-Xchange Appsuite