PT-2021-17097 · Open Xchange · Ox App Suite

Published

2021-07-22

Updated

2022-02-10

CVE-2021-26699

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions OX App Suite versions prior to 7.10.3-rev4 OX App Suite versions prior to 7.10.4-rev4

Description The issue allows for Server-Side Request Forgery (SSRF) via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.

Recommendations For OX App Suite versions prior to 7.10.3-rev4, update to version 7.10.3-rev4 or later. For OX App Suite versions prior to 7.10.4-rev4, update to version 7.10.4-rev4 or later.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2021-26699

Affected Products

Ox App Suite

PT-2021-17097 · Open Xchange · Ox App Suite

CVE-2021-26699

Weakness Enumeration

Related Identifiers

Affected Products

References · 6