8.8
CVE-2023-29048
- EPSS 0.38%
- Veröffentlicht 08.01.2024 09:15:19
- Zuletzt bearbeitet 21.11.2024 07:56:26
- Quelle security@open-xchange.com
- Teams Watchlist Login
- Unerledigt Login
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Open-xchange ≫ Ox App Suite Version < 7.10.6
Open-xchange ≫ Ox App Suite Version7.10.6 Update-
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev01
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev02
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev03
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev04
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev05
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev06
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev07
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev08
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev09
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev10
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev11
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev12
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev13
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev14
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev15
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev16
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev17
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev18
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev19
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev20
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev21
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev22
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev23
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev24
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev25
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev26
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev27
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev28
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev29
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev30
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev31
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev32
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev33
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev34
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev35
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev36
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev37
Open-xchange ≫ Ox App Suite Version7.10.6 Updaterev50
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.584 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| security@open-xchange.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.