Lucene search
MitreCVE-2023-24600HistoryMay 29, 2023 - 3:15 a.m.
CVE-2023-24600
2023-05-2903:15:09
mitre
web.nvd.nist.gov
22
cve-2023-24600
ox app suite
access controls
authenticated users
security vulnerability
nvd
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.4
Confidence
High
EPSS
0.001
Percentile
29.6%
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.
Affected configurations
Node
open-xchangeox_app_suiteRange<7.10.6
ORopen-xchangeox_app_suiteMatch7.10.6-
ORopen-xchangeox_app_suiteMatch7.10.6rev01
ORopen-xchangeox_app_suiteMatch7.10.6rev02
ORopen-xchangeox_app_suiteMatch7.10.6rev03
ORopen-xchangeox_app_suiteMatch7.10.6rev04
ORopen-xchangeox_app_suiteMatch7.10.6rev05
ORopen-xchangeox_app_suiteMatch7.10.6rev06
ORopen-xchangeox_app_suiteMatch7.10.6rev07
ORopen-xchangeox_app_suiteMatch7.10.6rev08
ORopen-xchangeox_app_suiteMatch7.10.6rev09
ORopen-xchangeox_app_suiteMatch7.10.6rev10
ORopen-xchangeox_app_suiteMatch7.10.6rev11
ORopen-xchangeox_app_suiteMatch7.10.6rev12
ORopen-xchangeox_app_suiteMatch7.10.6rev13
ORopen-xchangeox_app_suiteMatch7.10.6rev14
ORopen-xchangeox_app_suiteMatch7.10.6rev15
ORopen-xchangeox_app_suiteMatch7.10.6rev16
ORopen-xchangeox_app_suiteMatch7.10.6rev17
ORopen-xchangeox_app_suiteMatch7.10.6rev18
ORopen-xchangeox_app_suiteMatch7.10.6rev19
ORopen-xchangeox_app_suiteMatch7.10.6rev20
ORopen-xchangeox_app_suiteMatch7.10.6rev21
ORopen-xchangeox_app_suiteMatch7.10.6rev22
ORopen-xchangeox_app_suiteMatch7.10.6rev23
ORopen-xchangeox_app_suiteMatch7.10.6rev24
ORopen-xchangeox_app_suiteMatch7.10.6rev25
ORopen-xchangeox_app_suiteMatch7.10.6rev26
ORopen-xchangeox_app_suiteMatch7.10.6rev27
ORopen-xchangeox_app_suiteMatch7.10.6rev28
ORopen-xchangeox_app_suiteMatch7.10.6rev29
ORopen-xchangeox_app_suiteMatch7.10.6rev30
ORopen-xchangeox_app_suiteMatch7.10.6rev31
ORopen-xchangeox_app_suiteMatch7.10.6rev32
ORopen-xchangeox_app_suiteMatch7.10.6rev33
ORopen-xchangeox_app_suiteMatch7.10.6rev34
ORopen-xchangeox_app_suiteMatch7.10.6rev35
ORopen-xchangeox_app_suiteMatch7.10.6rev36
| Vendor | Product | Version | CPE |
|---|---|---|---|
| open-xchange | ox_app_suite | * | cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2023-05-29 03:15:00
cvelist
cvelist
CVE-2023-24600
2023-05-29 00:00:00
nvd
nvd
CVE-2023-24600
2023-05-29 03:15:09
osv
osv
CVE-2023-24600
2023-05-29 03:15:09
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.4
Confidence
High
EPSS
0.001
Percentile
29.6%
Related for CVE-2023-24600