CVE-2021-23927

Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.4 and earlier

Description: The issue allows for Server-Side Request Forgery (SSRF) via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. This can potentially be exploited by sending a crafted request to the vulnerable endpoint.

Recommendations: For OX App Suite versions 7.10.4 and earlier, as a temporary workaround, consider restricting access to the appsuite/api/oauth/proxy endpoint until a patch is available. Avoid using URLs with an @ character in PUT requests to this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.