Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
405
VMScore

CVE-2018-5756

Published: 16/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Subscribe to Open-xchange

Vulnerability Summary

The backend component in Open-Xchange OX App Suite prior to 7.6.3-rev36, 7.8.x prior to 7.8.2-rev39, 7.8.3 prior to 7.8.3-rev44, and 7.8.4 prior to 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.

Vulnerable Product Search on Vulmon Subscribe to Product

open-xchange open-xchange appsuite 7.8.4

open-xchange open-xchange appsuite 7.8.3

open-xchange open-xchange appsuite 7.6.3

open-xchange open-xchange appsuite

open-xchange open-xchange appsuite 7.8.0

open-xchange open-xchange appsuite 7.8.2

Exploits

Exploit DB: OX App Suite 7.8.4 - Multiple Vulnerabilities
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 (Bug ID) Vulnerability type: Cross-Site Scripting (CWE-80) Vulnerable version: 784 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 763-rev30, 782-rev30, 783-rev36, 784-rev18 Vendor notification ...
Exploit DB: OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
OX App Suite versions 784 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities ...

References

CWE-269https://www.exploit-db.com/exploits/44881/http://seclists.org/fulldisclosure/2018/Jun/23http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/44881/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook