Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2018-5752

Published: 16/06/2018 Updated: 03/08/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Open-xchange Appsuite

Vulnerability Summary

The backend component in Open-Xchange OX App Suite prior to 7.6.3-rev36, 7.8.x prior to 7.8.2-rev39, 7.8.3 prior to 7.8.3-rev44, and 7.8.4 prior to 7.8.4-rev22 allows remote malicious users to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

open-xchange open-xchange appsuite 7.8.4

open-xchange open-xchange appsuite 7.8.3

open-xchange open-xchange appsuite 7.8.2

open-xchange open-xchange appsuite 7.8.0

open-xchange open-xchange appsuite 7.6.3

open-xchange open-xchange appsuite

Exploits

Exploit DB: OX App Suite 7.8.4 - Multiple Vulnerabilities
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 (Bug ID) Vulnerability type: Cross-Site Scripting (CWE-80) Vulnerable version: 784 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 763-rev30, 782-rev30, 783-rev36, 784-rev18 Vendor notification ...
Exploit DB: OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
OX App Suite versions 784 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities ...

References

CWE-918https://www.exploit-db.com/exploits/44881/http://seclists.org/fulldisclosure/2018/Jun/23http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/44881/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook