CVE-2022-37313

Exploit

EPSS 0.46%
Veröffentlicht 26.12.2022 02:15:09
Zuletzt bearbeitet 14.04.2025 15:15:20
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Open-xchange ≫ Open-xchange Appsuite Version < 7.10.5

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Update-

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_5961

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_5973

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_5976

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_5982

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_5989

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_5994

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6000

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6003

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6008

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6010

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6016

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6020

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6026

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6029

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6034

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6035

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6038

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6046

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6051

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6053

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6060

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6061

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6066

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6068

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6072

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6079

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6084

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6092

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6101

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6111

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6120

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6132

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6137

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6140

Open-xchange ≫ Open-xchange Appsuite Version7.10.5 Updatepatch_release_6149

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Update-

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6069

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6073

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6080

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6085

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6093

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6102

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6112

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6121

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6133

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6138

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6141

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6146

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6147

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6148

Open-xchange ≫ Open-xchange Appsuite Version7.10.6 Updatepatch_release_6150

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.634

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://open-xchange.com

Vendor Advisory

https://seclists.org/fulldisclosure/2022/Nov/18

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-37313

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37313

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37313

EUVD