Published: 16/06/2018 Updated: 03/08/2018

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

The backend component in Open-Xchange OX App Suite prior to 7.6.3-rev36, 7.8.x prior to 7.8.2-rev39, 7.8.3 prior to 7.8.3-rev44, and 7.8.4 prior to 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
open-xchange open-xchange appsuite 7.8.4
open-xchange open-xchange appsuite 7.8.3
open-xchange open-xchange appsuite 7.6.3
open-xchange open-xchange appsuite
open-xchange open-xchange appsuite 7.8.2
open-xchange open-xchange appsuite 7.8.0

Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 (Bug ID) Vulnerability type: Cross-Site Scripting (CWE-80) Vulnerable version: 784 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 763-rev30, 782-rev30, 783-rev36, 784-rev18 Vendor notification ...

OX App Suite versions 784 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities ...

CWE-200 https://www.exploit-db.com/exploits/44881/http://seclists.org/fulldisclosure/2018/Jun/23 http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html https://nvd.nist.gov https://www.exploit-db.com/exploits/44881/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-5751

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect