7.8
CVE-2014-5238
- EPSS 0.9%
- Published 14.01.2020 16:15:11
- Last modified 21.11.2024 02:11:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
Data is provided by the National Vulnerability Database (NVD)
Open-xchange ≫ Open-xchange Appsuite Version <= 7.4.1
Open-xchange ≫ Open-xchange Appsuite Version7.4.2
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision1
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision10
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision2
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision3
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision4
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision5
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision6
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision7
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision8
Open-xchange ≫ Open-xchange Appsuite Version7.4.2 Updaterevision9
Open-xchange ≫ Open-xchange Appsuite Version7.6.0
Open-xchange ≫ Open-xchange Appsuite Version7.6.0 Updaterevision1
Open-xchange ≫ Open-xchange Appsuite Version7.6.0 Updaterevision2
Open-xchange ≫ Open-xchange Appsuite Version7.6.0 Updaterevision3
Open-xchange ≫ Open-xchange Appsuite Version7.6.0 Updaterevision4
Open-xchange ≫ Open-xchange Appsuite Version7.6.0 Updaterevision5
Open-xchange ≫ Open-xchange Appsuite Version7.6.0 Updaterevision6
Open-xchange ≫ Open-xchange Appsuite Version7.6.0 Updaterevision7
Open-xchange ≫ Open-xchange Appsuite Version7.6.0 Updaterevision8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.9% | 0.736 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.