CVE-2023-26429

🗓️ 20 Jun 2023 07:51:39Reported by OXType

Control characters not removed in user feedback export, potential data structure breakag

Reporter	Title	Published	Views	Family All 7
CNNVD	Open-Xchange OX App Suite 命令注入漏洞	20 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-26429	20 Jun 202307:51	–	cvelist
EUVD	EUVD-2023-30249	3 Oct 202520:07	–	euvd
NVD	CVE-2023-26429	20 Jun 202308:15	–	nvd
Prion	Design/Logic Flaw	20 Jun 202308:15	–	prion
Positive Technologies	PT-2023-20625 · Ox Software Gmbh +1 · Ox App Suite +1	20 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-26429	23 May 202504:39	–	redhatcve

NVD

Node

open-xchange open-xchange_appsuite_backendRange<7.10.6

open-xchange open-xchange_appsuite_backendRange8.0.0–8.11.0

open-xchange open-xchange_appsuite_backendMatch7.10.6

open-xchange open-xchange_appsuite_backendMatch7.10.6revision_39

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "backend"
    ],
    "product": "OX App Suite",
    "vendor": "OX Software GmbH",
    "versions": [
      {
        "lessThanOrEqual": "7.10.6-rev39",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
software	www.software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf
seclists	www.seclists.org/fulldisclosure/2023/Jun/8
packetstormsecurity	www.packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html
documentation	www.documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json

21 Nov 2024 07:51Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.13.5 - 5.3

EPSS0.00171

CWE-77