CVE-2022-24405

Name of the Vulnerable Software and Affected Versions OX App Suite versions 7.10.6 and earlier

Description The issue allows OS Command Injection via a serialized Java class to the "Documentconverter API" endpoint. This enables potential attackers to execute system commands. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For OX App Suite versions 7.10.6 and earlier, update to a version later than 7.10.6 to resolve the issue. As a temporary workaround, consider restricting access to the "Documentconverter API" endpoint until a patch is available.