CVE-2018-5752

Exploit

EPSS 1.66%
Published 16.06.2018 01:29:06
Last modified 21.11.2024 04:09:19
Source cve@mitre.org
Teams watchlist Login
Open Login

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Open-xchange ≫ Open-xchange Appsuite Version <= 7.6.3

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev14

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev15

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev16

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev17

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev18

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev20

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev22

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev23

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev24

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev25

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev26

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev28

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev29

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev30

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev31

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev32

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev33

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev35

Open-xchange ≫ Open-xchange Appsuite Version7.8.0

Open-xchange ≫ Open-xchange Appsuite Version7.8.2

Open-xchange ≫ Open-xchange Appsuite Version7.8.3

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev10

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev11

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev12

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev13

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev14

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev15

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev16

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev17

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev18

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev19

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev20

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev21

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev22

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev23

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev24

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev25

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev26

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev27

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev28

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev29

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev30

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev31

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev32

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev33

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev34

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev35

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev36

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev38

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev39

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev40

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev41

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev42

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev43

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev5

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev6

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev8

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev9

Open-xchange ≫ Open-xchange Appsuite Version7.8.4

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev10

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev11

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev13

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev14

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev15

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev16

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev17

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev18

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev19

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev20

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev21

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev3

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev4

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev5

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev6

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev7

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev8

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.66%	0.814

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2018/Jun/23

Third Party Advisory

Exploit

Mailing List

https://www.exploit-db.com/exploits/44881/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-5752

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5752

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5752

EUVD