Lucene search

K
cve[email protected]CVE-2021-28093
HistoryJul 30, 2021 - 2:15 p.m.

CVE-2021-28093

2021-07-3014:15:16
CWE-326
web.nvd.nist.gov
40
2
cve-2021-28093
ox documents
incorrect access control
converted images
hash collisions
adler32
nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

46.3%

OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.

Affected configurations

NVD
Node
open-xchangeopen-xchange_documentsRange<7.10.5
OR
open-xchangeopen-xchange_documentsMatch7.10.5-
OR
open-xchangeopen-xchange_documentsMatch7.10.5revision1
OR
open-xchangeopen-xchange_documentsMatch7.10.5revision2
OR
open-xchangeopen-xchange_documentsMatch7.10.5revision3
OR
open-xchangeopen-xchange_documentsMatch7.10.5revision4
VendorProductVersionCPE
open-xchangeopen-xchange_documents7.10.5cpe:/a:open-xchange:open-xchange_documents:7.10.5:revision4::
open-xchangeopen-xchange_documents7.10.5cpe:/a:open-xchange:open-xchange_documents:7.10.5:revision1::
open-xchangeopen-xchange_documents7.10.5cpe:/a:open-xchange:open-xchange_documents:7.10.5:revision2::
open-xchangeopen-xchange_documents7.10.5cpe:/a:open-xchange:open-xchange_documents:7.10.5:-::
open-xchangeopen-xchange_documents7.10.5cpe:/a:open-xchange:open-xchange_documents:7.10.5:revision3::

Social References

More

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

46.3%

Related for CVE-2021-28093