Lucene search
MitreCVE-2023-24603HistoryMay 29, 2023 - 3:15 a.m.
CVE-2023-24603
2023-05-2903:15:09
mitre
web.nvd.nist.gov
20
cve-2023-24603
ox app suite
backend
security
vulnerability
downloading
ical
data limits
nvd
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
43.8%
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.
Affected configurations
Node
open-xchangeox_app_suiteRange<7.10.6
ORopen-xchangeox_app_suiteMatch7.10.6-
ORopen-xchangeox_app_suiteMatch7.10.6rev01
ORopen-xchangeox_app_suiteMatch7.10.6rev02
ORopen-xchangeox_app_suiteMatch7.10.6rev03
ORopen-xchangeox_app_suiteMatch7.10.6rev04
ORopen-xchangeox_app_suiteMatch7.10.6rev05
ORopen-xchangeox_app_suiteMatch7.10.6rev06
ORopen-xchangeox_app_suiteMatch7.10.6rev07
ORopen-xchangeox_app_suiteMatch7.10.6rev08
ORopen-xchangeox_app_suiteMatch7.10.6rev09
ORopen-xchangeox_app_suiteMatch7.10.6rev10
ORopen-xchangeox_app_suiteMatch7.10.6rev11
ORopen-xchangeox_app_suiteMatch7.10.6rev12
ORopen-xchangeox_app_suiteMatch7.10.6rev13
ORopen-xchangeox_app_suiteMatch7.10.6rev14
ORopen-xchangeox_app_suiteMatch7.10.6rev15
ORopen-xchangeox_app_suiteMatch7.10.6rev16
ORopen-xchangeox_app_suiteMatch7.10.6rev17
ORopen-xchangeox_app_suiteMatch7.10.6rev18
ORopen-xchangeox_app_suiteMatch7.10.6rev19
ORopen-xchangeox_app_suiteMatch7.10.6rev20
ORopen-xchangeox_app_suiteMatch7.10.6rev21
ORopen-xchangeox_app_suiteMatch7.10.6rev22
ORopen-xchangeox_app_suiteMatch7.10.6rev23
ORopen-xchangeox_app_suiteMatch7.10.6rev24
ORopen-xchangeox_app_suiteMatch7.10.6rev25
ORopen-xchangeox_app_suiteMatch7.10.6rev26
ORopen-xchangeox_app_suiteMatch7.10.6rev27
ORopen-xchangeox_app_suiteMatch7.10.6rev28
ORopen-xchangeox_app_suiteMatch7.10.6rev29
ORopen-xchangeox_app_suiteMatch7.10.6rev30
ORopen-xchangeox_app_suiteMatch7.10.6rev31
ORopen-xchangeox_app_suiteMatch7.10.6rev32
ORopen-xchangeox_app_suiteMatch7.10.6rev33
ORopen-xchangeox_app_suiteMatch7.10.6rev34
ORopen-xchangeox_app_suiteMatch7.10.6rev35
ORopen-xchangeox_app_suiteMatch7.10.6rev36
| Vendor | Product | Version | CPE |
|---|---|---|---|
| open-xchange | ox_app_suite | * | cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:* |
| open-xchange | ox_app_suite | 7.10.6 | cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2023-24603
2023-05-29 03:15:09
prion
prion
Code injection
2023-05-29 03:15:00
osv
osv
CVE-2023-24603
2023-05-29 03:15:09
cvelist
cvelist
CVE-2023-24603
2023-05-29 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
43.8%
Related for CVE-2023-24603