Lucene search

K
cve[email protected]CVE-2021-28093
HistoryJul 30, 2021 - 2:15 p.m.

CVE-2021-28093

2021-07-3014:15:16
CWE-326
web.nvd.nist.gov
40
2
cve-2021-28093
ox documents
incorrect access control
converted images
hash collisions
adler32
nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%

OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.

Affected configurations

NVD
Node
open-xchangeopen-xchange_documentsRange<7.10.5
OR
open-xchangeopen-xchange_documentsMatch7.10.5-
OR
open-xchangeopen-xchange_documentsMatch7.10.5revision1
OR
open-xchangeopen-xchange_documentsMatch7.10.5revision2
OR
open-xchangeopen-xchange_documentsMatch7.10.5revision3
OR
open-xchangeopen-xchange_documentsMatch7.10.5revision4

Social References

More

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.4%

Related for CVE-2021-28093