PT-2021-17740 · Open Xchange · Ox Documents
Martin Heiland
·
Published
2021-07-27
·
Updated
2022-07-12
·
CVE-2021-28094
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
OX Documents versions prior to 7.10.5-rev7
Description:
The issue is related to incorrect access control for converted documents due to the potential for hash collisions. This is caused by the use of CRC32, which can lead to security problems.
Recommendations:
For versions prior to 7.10.5-rev7, update to version 7.10.5-rev7 or later to resolve the issue. As a temporary workaround, consider restricting access to document conversion features until the update is applied.
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ox Documents