CVE-2018-5753

Exploit

EPSS 1.75%
Published 16.06.2018 01:29:06
Last modified 21.11.2024 04:09:19
Source cve@mitre.org
Teams watchlist Login
Open Login

The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Open-xchange ≫ Open-xchange Appsuite Version <= 7.6.3

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev14

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev15

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev16

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev17

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev18

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev20

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev22

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev23

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev24

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev25

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev26

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev28

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev29

Open-xchange ≫ Open-xchange Appsuite Version7.6.3 Updaterev30

Open-xchange ≫ Open-xchange Appsuite Version7.8.0

Open-xchange ≫ Open-xchange Appsuite Version7.8.2

Open-xchange ≫ Open-xchange Appsuite Version7.8.3

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev10

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev11

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev12

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev13

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev14

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev15

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev16

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev17

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev18

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev19

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev20

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev21

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev22

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev23

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev24

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev25

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev26

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev27

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev28

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev29

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev30

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev31

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev32

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev33

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev34

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev35

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev36

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev38

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev39

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev40

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev5

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev6

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev8

Open-xchange ≫ Open-xchange Appsuite Version7.8.3 Updaterev9

Open-xchange ≫ Open-xchange Appsuite Version7.8.4

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev10

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev11

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev13

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev14

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev15

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev16

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev17

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev18

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev19

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev3

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev4

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev5

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev6

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev7

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev8

Open-xchange ≫ Open-xchange Appsuite Version7.8.4 Updaterev9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.75%	0.818

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2018/Jun/23

Third Party Advisory

Exploit

Mailing List

https://www.exploit-db.com/exploits/44881/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-5753

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5753

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5753

EUVD