PT-2023-14290 · Open Xchange · Ox App Suite
Published: 2023-04-15 · Updated: 2023-05-15 · CVE-2022-43698
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OX App Suite versions prior to 7.10.6-rev30
Description
OX App Suite allows Server-Side Request Forgery (SSRF) because changing a POP3 account disregards the deny-list. The issue applies when OX App Suite is configured to use POP3 accounts; an attacker who can manipulate the account settings can bypass the restrictions.
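The flaw class described above, as an added example that is not OX App Suite code: a deny-list check that runs when an account is created but is skipped when it is changed, next to the variant that validates both paths. All names (`check_host`, `AccountStore`, `update_accepted`) and the deny-list entries are constructed for illustration.

```python
import ipaddress

# Constructed deny-list for illustration; not OX App Suite's configuration.
DENIED_HOSTS = {"localhost"}
DENIED_NETS = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "10.0.0.0/8", "169.254.0.0/16", "::1/128")]

class DeniedHost(ValueError):
    """Raised when a configured mail host is on the deny-list."""

def check_host(host):
    """Reject deny-listed names and IP literals (hypothetical helper)."""
    h = host.strip().lower().rstrip(".").strip("[]")
    if h in DENIED_HOSTS:
        raise DeniedHost(host)
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        return  # a DNS name; a full check also vets the addresses it resolves to
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 must match the IPv4 ranges
    if any(ip in net for net in DENIED_NETS):
        raise DeniedHost(host)

class AccountStore:
    """Hypothetical POP3 account store with a create path and an update path."""
    def __init__(self, check_on_update):
        self.check_on_update = check_on_update
        self.accounts = {}

    def create(self, acc_id, host, port=110):
        check_host(host)  # the create path is validated in both variants
        self.accounts[acc_id] = {"host": host, "port": port}

    def update(self, acc_id, **changes):
        # check_on_update=False models the flaw: changes skip the deny-list.
        if self.check_on_update and "host" in changes:
            check_host(changes["host"])
        self.accounts[acc_id].update(changes)

def update_accepted(store, acc_id, host):
    """Return True if the store accepts the host change, False if denied."""
    try:
        store.update(acc_id, host=host)
        return True
    except DeniedHost:
        return False
```

A regression test for this class of bug exercises every write path (create, update, import) against the same deny-list fixture rather than only the create path.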
Recommendations
Update installations running a version prior to 7.10.6-rev30 to version 7.10.6-rev30 or later to resolve the issue. As a temporary workaround, consider restricting access to the POP3 account configuration to minimize the risk of exploitation.
Fix
SSRF
Affected Products
Ox App Suite