PT-2023-19707 · Open Xchange · Ox App Suite

Tim Coen · Published 2023-05-29 · Updated 2025-01-14 · CVE-2023-24605

CVSS v3.1: 4.2 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OX App Suite versions prior to 7.10.6-rev37

Description

The issue concerns the lack of enforcement of two-factor authentication (2FA) for all endpoints in OX App Suite. Specifically, endpoints such as reading from a drive, reading contact data, and renaming tokens are not properly secured with 2FA. This oversight could potentially allow unauthorized access to sensitive data.

Recommendations

For versions prior to 7.10.6-rev37, update to version 7.10.6-rev37 or later to ensure 2FA is enforced for all endpoints. As a temporary workaround, consider restricting access to sensitive endpoints, such as those related to drive access, contact data, and token management, until the update can be applied.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-24605

Affected Products

Ox App Suite