CVE-2021-26699

EPSS 0.47%
Published 22.07.2021 17:15:09
Last modified 21.11.2024 05:56:41
Source cve@mitre.org
Teams watchlist Login
Open Login

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Update-

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updatepatch_release5547

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updatepatch_release5572

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updatepatch_release5623

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updatepatch_release5653

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updatepatch_release5677

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updatepatch_release5720

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev1

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev10

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev11

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev12

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev13

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev14

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev15

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev16

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev17

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev18

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev19

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev2

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev20

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev21

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev22

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev23

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev24

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev25

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev26

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev27

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev28

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev29

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev3

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev30

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev31

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev4

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev5

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev6

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev7

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev8

Open-xchange ≫ Open-xchange Appsuite Version7.10.3 Updaterev9

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Update-

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev1

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev10

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev11

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev12

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev13

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev14

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev15

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev16

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev17

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev2

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev3

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev4

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev5

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev6

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev7

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev8

Open-xchange ≫ Open-xchange Appsuite Version7.10.4 Updaterev9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.47%	0.618

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html

Third Party Advisory

VDB Entry

http://seclists.org/fulldisclosure/2021/Jul/33

Third Party Advisory

Mailing List

https://www.open-xchange.com

Vendor Advisory

https://seclists.org/fulldisclosure/2021/Jul/33

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2021-26699

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26699

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26699

EUVD