CVE-2020-8544 - Server-Side Request Forgery (SSRF)

Severity

65%

Complexity

27%

Confidentiality

60%

OX App Suite through 7.10.3 allows SSRF.

CVSS 3.1 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Overview

Type

Open-Xchange AppSuite

First reported 4 years ago

2020-06-16 14:15:00

Last updated 4 years ago

2020-06-17 15:23:00

Affected Software

Open-Xchange AppSuite 7.8.4

7.8.4

Open-Xchange AppSuite 7.8.4 Rev1

7.8.4

Open-Xchange AppSuite 7.8.4 Rev10

7.8.4

Open-Xchange AppSuite 7.8.4 Rev11

7.8.4

Open-Xchange AppSuite 7.8.4 Rev12

7.8.4

Open-Xchange AppSuite 7.8.4 Rev13

7.8.4

Open-Xchange AppSuite 7.8.4 Rev14

7.8.4

Open-Xchange AppSuite 7.8.4 Rev15

7.8.4

Open-Xchange AppSuite 7.8.4 Rev16

7.8.4

Open-Xchange AppSuite 7.8.4 Rev17

7.8.4

Open-Xchange AppSuite 7.8.4 Rev18

7.8.4

Open-Xchange AppSuite 7.8.4 Rev19

7.8.4

Open-Xchange AppSuite 7.8.4 Rev2

7.8.4

Open-Xchange AppSuite 7.8.4 Rev20

7.8.4

Open-Xchange AppSuite 7.8.4 Rev21

7.8.4

Open-Xchange AppSuite 7.8.4 Rev22

7.8.4

Open-Xchange AppSuite 7.8.4 Rev23

7.8.4

Open-Xchange AppSuite 7.8.4 Rev24

7.8.4

Open-Xchange AppSuite 7.8.4 Rev25

7.8.4

Open-Xchange AppSuite 7.8.4 Rev26

7.8.4

Open-Xchange AppSuite 7.8.4 Rev27

7.8.4

Open-Xchange AppSuite 7.8.4 Rev28

7.8.4

Open-Xchange AppSuite 7.8.4 Rev29

7.8.4

Open-Xchange AppSuite 7.8.4 Rev3

7.8.4

Open-Xchange AppSuite 7.8.4 Rev30

7.8.4

Open-Xchange AppSuite 7.8.4 Rev31

7.8.4

Open-Xchange AppSuite 7.8.4 Rev32

7.8.4

Open-Xchange AppSuite 7.8.4 Rev33

7.8.4

Open-Xchange AppSuite 7.8.4 Rev34

7.8.4

Open-Xchange AppSuite 7.8.4 Rev35

7.8.4

Open-Xchange AppSuite 7.8.4 Rev36

7.8.4

Open-Xchange AppSuite 7.8.4 Rev37

7.8.4

Open-Xchange AppSuite 7.8.4 Rev38

7.8.4

Open-Xchange AppSuite 7.8.4 Rev39

7.8.4

Open-Xchange AppSuite 7.8.4 Rev4

7.8.4

Open-Xchange AppSuite 7.8.4 Rev40

7.8.4

Open-Xchange AppSuite 7.8.4 Rev41

7.8.4

Open-Xchange AppSuite 7.8.4 Rev42

7.8.4

Open-Xchange AppSuite 7.8.4 Rev43

7.8.4

Open-Xchange AppSuite 7.8.4 Rev44

7.8.4

Open-Xchange AppSuite 7.8.4 Rev45

7.8.4

Open-Xchange AppSuite 7.8.4 Rev46

7.8.4

Open-Xchange AppSuite 7.8.4 Rev47

7.8.4

Open-Xchange AppSuite 7.8.4 Rev48

7.8.4

Open-Xchange AppSuite 7.8.4 Rev49

7.8.4

Open-Xchange AppSuite 7.8.4 Rev5

7.8.4

Open-Xchange AppSuite 7.8.4 Rev50

7.8.4

Open-Xchange AppSuite 7.8.4 Rev51

7.8.4

Open-Xchange AppSuite 7.8.4 Rev52

7.8.4

Open-Xchange AppSuite 7.8.4 Rev53

7.8.4

Open-Xchange AppSuite 7.8.4 Rev54

7.8.4

Open-Xchange AppSuite 7.8.4 Rev55

7.8.4

Open-Xchange AppSuite 7.8.4 Rev56

7.8.4

Open-Xchange AppSuite 7.8.4 Rev57

7.8.4

Open-Xchange AppSuite 7.8.4 Rev58

7.8.4

Open-Xchange AppSuite 7.8.4 Rev59

7.8.4

Open-Xchange AppSuite 7.8.4 Rev6

7.8.4

Open-Xchange AppSuite 7.8.4 Rev60

7.8.4

Open-Xchange AppSuite 7.8.4 Rev61

7.8.4

Open-Xchange AppSuite 7.8.4 Rev62

7.8.4

Open-Xchange AppSuite 7.8.4 Rev63

7.8.4

Open-Xchange AppSuite 7.8.4 Rev64

7.8.4

Open-Xchange AppSuite 7.8.4 Rev65

7.8.4

Open-Xchange AppSuite 7.8.4 Rev66

7.8.4

Open-Xchange AppSuite 7.8.4 Rev67

7.8.4

Open-Xchange AppSuite 7.8.4 Rev7

7.8.4

Open-Xchange AppSuite 7.8.4 Rev8

7.8.4

Open-Xchange AppSuite 7.8.4 Rev9

7.8.4

Open-Xchange AppSuite 7.10.1

7.10.1

Open-Xchange AppSuite 7.10.2

7.10.2

Open-Xchange AppSuite 7.10.2 Rev20

7.10.2

Open-Xchange AppSuite 7.10.2 Rev21

7.10.2

Open-Xchange AppSuite 7.10.3 Rev6

7.10.3

References

https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html

https://www.open-xchange.com/

https://packetstormsecurity.com/files/158070/OX-App-Suite-OX-Documents-7.10.3-XSS-SSRF-Improper-Validation.html

Third Party Advisory, VDB Entry

https://www.open-xchange.com/

Product

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.