PT-2022-16676 · Open Xchange · Ox App Suite
Published 2022-07-27 · Updated 2023-08-08 · CVE-2022-24406
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
OX App Suite versions 7.10.6 and earlier
Description
OX App Suite through 7.10.6 generates predictable multipart/form-data boundaries for the requests it makes to its internal Documentconverter API. An authenticated user (PR:L in the vector) who can predict the boundary can include that boundary string in content the backend forwards, which terminates the intended part early and injects additional parts into the internal API call. The result is Server-Side Request Forgery via injection into Documentconverter API calls; the impact is to integrity (I:H), not confidentiality or availability.
Recommendations
For OX App Suite versions 7.10.6 and earlier, upgrade to a vendor release that contains the fix for CVE-2022-24406, i.e. one in which multipart/form-data boundaries are generated from a cryptographically secure random source rather than a predictable value.
As a temporary workaround, restrict network access to the internal Documentconverter API so that only the App Suite backend can reach it. Note that this only reduces exposure: the vulnerable request is issued by the backend itself, so the injection vector remains until the boundary generation is fixed.
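The mechanism behind the description and the fix the recommendation asks for, as an added example that is not OX App Suite code: a hypothetical backend wraps a user upload into a multipart/form-data call to an internal converter (field names `file` and `target` are assumed). With a counter-derived boundary the attacker can guess the next value, embed it in the upload, and the converter sees an extra, attacker-supplied field; with a boundary from the OS CSPRNG the same payload stays inert inside the file part. Parsing uses the standard-library MIME parser so the effect can be checked offline.

```python
import secrets
from email import message_from_bytes


# Hypothetical vulnerable builder: the boundary is derived from a per-request
# sequence number, so anyone who can observe or count requests can predict the
# next one. Illustrative only; not how OX App Suite generated boundaries.
def predictable_boundary(request_id: int) -> str:
    return f"----DocConvBoundary{request_id}"


# Hardened builder: 128 bits from the OS CSPRNG, unguessable and fresh per call.
def random_boundary() -> str:
    return "----" + secrets.token_hex(16)


def build_multipart(fields, boundary: str):
    """Serialise (name, filename_or_None, bytes) triples as multipart/form-data.
    Returns the Content-Type header value and the body bytes."""
    chunks = []
    for name, filename, data in fields:
        disposition = f'Content-Disposition: form-data; name="{name}"'
        if filename is not None:
            disposition += f'; filename="{filename}"'
        chunks.append(f"--{boundary}\r\n{disposition}\r\n\r\n".encode() + data)
    body = b"\r\n".join(chunks) + f"\r\n--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", body


def parse_multipart(content_type: str, body: bytes):
    """Parse the body the way a generic multipart consumer would, using the
    standard-library MIME parser. Returns [(field name, payload bytes)]."""
    msg = message_from_bytes(f"Content-Type: {content_type}\r\n\r\n".encode() + body)
    return [(part.get_param("name", header="content-disposition"),
             part.get_payload(decode=True))
            for part in msg.get_payload()]


def convert_request(upload_name: str, upload_data: bytes, boundary: str):
    """Server side (hypothetical field names): wrap a user upload into the
    multipart request the backend sends to the internal converter."""
    fields = [("file", upload_name, upload_data), ("target", None, b"pdf")]
    return build_multipart(fields, boundary)


def forged_upload(guessed_boundary: str) -> bytes:
    """Attacker-controlled file content. If the guess matches the boundary the
    backend uses, the embedded boundary line ends the 'file' part early and
    opens a new part that the converter treats as backend-supplied."""
    return (b"benign text\r\n--" + guessed_boundary.encode()
            + b'\r\nContent-Disposition: form-data; name="injected"\r\n\r\nattacker value')


def fields_seen_by_converter(server_boundary: str, attacker_guess: str):
    """What the internal converter parses out of the backend's request when the
    upload carries a forged boundary line."""
    ctype, body = convert_request("doc.txt", forged_upload(attacker_guess), server_boundary)
    return parse_multipart(ctype, body)


if __name__ == "__main__":
    guess = predictable_boundary(42)  # attacker predicts the 42nd request
    for label, boundary in (("predictable", predictable_boundary(42)),
                            ("random", random_boundary())):
        names = [name for name, _ in fields_seen_by_converter(boundary, guess)]
        print(f"{label}: converter sees fields {names}")
```

An unguessable boundary is the fix the weakness enumeration points at, but a careful builder also honours the RFC 2046 rule that the boundary must not occur inside any part: scan the data for the chosen boundary and draw a new one if it does, which closes the case of an attacker who could learn a random boundary some other way.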
Exploit
Fix
Weakness Enumeration
Use of Insufficiently Random Values
Related Identifiers
Affected Products
Ox App Suite