PT-2023-4164 · Unknown · Ox App Suite

Mdisec · Published 2023-06-20 · Updated 2024-01-12 · CVE-2023-26436

CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OX App Suite (affected versions not specified)
Description: The issue is a flaw in the deserialization mechanism of the OX App Suite package. An attacker who can reach the "documentconverterws" API endpoint could submit serialized Java objects that were not validated during deserialization, so that arbitrary code is executed while the request is processed. Access to this endpoint is restricted to local networks by default, which is reflected in the adjacent-network attack vector (AV:A) of the CVSS score. The fix introduces a check that restricts processing to the legal and expected classes for this API, and a warning is logged whenever an attempt to inject an illegal class is detected. No publicly available exploits are known.
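The following is an added example, not code from OX App Suite or from the advisory, showing the pattern the fix describes: an unfiltered ObjectInputStream that resolves any class on the classpath beside one that uses an ObjectInputFilter (Java 9+) to allow only the expected request class and to log a warning for anything else. The ConversionRequest class and the allowlist contents are assumptions made for the example; a real endpoint would allow exactly the types its API contract defines.

```java
import java.io.*;
import java.util.logging.Logger;

// Added example modelled on the fix described in the advisory: restrict
// deserialization to expected classes and log rejected ones. Not OX App Suite
// code; ConversionRequest and the allowlist are assumptions for illustration.
public class SafeDeserialization {
    private static final Logger LOG = Logger.getLogger(SafeDeserialization.class.getName());

    // Hypothetical request object that the endpoint legitimately expects.
    public static final class ConversionRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String sourceFormat;
        public final String targetFormat;
        public ConversionRequest(String sourceFormat, String targetFormat) {
            this.sourceFormat = sourceFormat;
            this.targetFormat = targetFormat;
        }
    }

    // Before: any Serializable class reachable on the classpath may be
    // instantiated by the stream, which is what gadget chains rely on.
    public static Object deserializeUnchecked(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // After: only the expected classes are resolved; anything else is
    // rejected before instantiation and a warning is logged.
    public static Object deserializeChecked(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowlist = info -> {
            Class<?> c = info.serialClass();
            if (c == null) {
                // Depth/array-length/reference checks carry no class; leave them to defaults.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            if (c == ConversionRequest.class || c == String.class) {
                return ObjectInputFilter.Status.ALLOWED;
            }
            LOG.warning("Rejected unexpected class in deserialization stream: " + c.getName());
            return ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(allowlist);
            return in.readObject(); // throws InvalidClassException on a rejected class
        }
    }

    // Helper to build constructed sample streams for the demonstration.
    public static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new ConversionRequest("docx", "pdf"));
        System.out.println("checked accepts: " + deserializeChecked(expected).getClass().getSimpleName());

        // A harmless class that is not on the allowlist stands in for an attacker's gadget class.
        byte[] unexpected = serialize(new java.util.ArrayList<String>());
        System.out.println("unchecked accepts: " + deserializeUnchecked(unexpected).getClass().getName());
        try {
            deserializeChecked(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("checked rejects: " + e.getMessage());
        }
    }
}
```

The filter runs before the class is instantiated, so a rejected gadget never gets its readObject or finalizer invoked; the logged warning is the signal a detection team can alert on when someone probes the endpoint with unexpected classes.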
Recommendations: This entry does not list a version that contains the fix. The description notes that a check restricting deserialization to expected classes has been introduced, so consult the vendor's release notes for the build that ships it. Until that build is deployed, keep the "documentconverterws" endpoint reachable only from trusted local networks (the default), and monitor for the warnings logged when an illegal class is rejected, since they indicate an injection attempt.

Weakness Enumeration

Deserialization of Untrusted Data
Code Injection

Related Identifiers

BDU:2023-04476
CVE-2023-26436

Affected Products

Ox App Suite