Lucene search
MitreCVE-2023-24599HistoryMay 29, 2023 - 3:15 a.m.
CVE-2023-24599
2023-05-2903:15:09
mitre
web.nvd.nist.gov
23
cve-2023-24599
ox app suite
authenticated users
appointments
id confusion
security vulnerability
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
40.5%
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka “ID confusion.”
Affected configurations
Node
open-xchangeox_app_suiteRange<7.10.6
ORopen-xchangeox_app_suiteMatch7.10.6-
ORopen-xchangeox_app_suiteMatch7.10.6rev01
ORopen-xchangeox_app_suiteMatch7.10.6rev02
ORopen-xchangeox_app_suiteMatch7.10.6rev03
ORopen-xchangeox_app_suiteMatch7.10.6rev04
ORopen-xchangeox_app_suiteMatch7.10.6rev05
ORopen-xchangeox_app_suiteMatch7.10.6rev06
ORopen-xchangeox_app_suiteMatch7.10.6rev07
ORopen-xchangeox_app_suiteMatch7.10.6rev08
ORopen-xchangeox_app_suiteMatch7.10.6rev09
ORopen-xchangeox_app_suiteMatch7.10.6rev10
ORopen-xchangeox_app_suiteMatch7.10.6rev11
ORopen-xchangeox_app_suiteMatch7.10.6rev12
ORopen-xchangeox_app_suiteMatch7.10.6rev13
ORopen-xchangeox_app_suiteMatch7.10.6rev14
ORopen-xchangeox_app_suiteMatch7.10.6rev15
ORopen-xchangeox_app_suiteMatch7.10.6rev16
ORopen-xchangeox_app_suiteMatch7.10.6rev17
ORopen-xchangeox_app_suiteMatch7.10.6rev18
ORopen-xchangeox_app_suiteMatch7.10.6rev19
ORopen-xchangeox_app_suiteMatch7.10.6rev20
ORopen-xchangeox_app_suiteMatch7.10.6rev21
ORopen-xchangeox_app_suiteMatch7.10.6rev22
ORopen-xchangeox_app_suiteMatch7.10.6rev23
ORopen-xchangeox_app_suiteMatch7.10.6rev24
ORopen-xchangeox_app_suiteMatch7.10.6rev25
ORopen-xchangeox_app_suiteMatch7.10.6rev26
ORopen-xchangeox_app_suiteMatch7.10.6rev27
ORopen-xchangeox_app_suiteMatch7.10.6rev28
ORopen-xchangeox_app_suiteMatch7.10.6rev29
ORopen-xchangeox_app_suiteMatch7.10.6rev30
ORopen-xchangeox_app_suiteMatch7.10.6rev31
ORopen-xchangeox_app_suiteMatch7.10.6rev32
ORopen-xchangeox_app_suiteMatch7.10.6rev33
ORopen-xchangeox_app_suiteMatch7.10.6rev34
ORopen-xchangeox_app_suiteMatch7.10.6rev35
ORopen-xchangeox_app_suiteMatch7.10.6rev36
| Vendor | Product | Version | CPE |
|---|---|---|---|
| open-xchange | ox_app_suite | * | cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:* |
Related
prion
prion
Type confusion
2023-05-29 03:15:00
cvelist
cvelist
CVE-2023-24599
2023-05-29 00:00:00
osv
osv
CVE-2023-24599
2023-05-29 03:15:09
nvd
nvd
CVE-2023-24599
2023-05-29 03:15:09
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
4.6
Confidence
High
EPSS
0.001
Percentile
40.5%
Related for CVE-2023-24599