6

CVE-2021-33493

Exploit
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Open-xchangeOx App Suite Version <= 7.10.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.48% 0.375
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 0.8 5.2
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:N/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://open-xchange.com
Vendor Advisory
Product
http://packetstormsecurity.com/files/165028/OX-App-Suite-Ox-Documents-7.10.x-XSS-Code-Injection-Traversal.html
Third Party Advisory
Exploit
https://seclists.org/fulldisclosure/2021/Nov/42
Third Party Advisory
Exploit
Mailing List