CVE-2023-26431

🗓️ 20 Jun 2023 07:51:43Reported by OXType

IPv4-mapped IPv6 addresses recognition fix for deny-list bypass

Reporter	Title	Published	Views	Family All 8
CNNVD	Open-Xchange OX App Suite 代码问题漏洞	20 Jun 202300:00	–	cnnvd
Cvelist	CVE-2023-26431	20 Jun 202307:51	–	cvelist
EUVD	EUVD-2023-30251	3 Oct 202520:07	–	euvd
NVD	CVE-2023-26431	20 Jun 202308:15	–	nvd
OSV	CVE-2023-26431	20 Jun 202308:15	–	osv
Prion	Design/Logic Flaw	20 Jun 202308:15	–	prion
Positive Technologies	PT-2023-20628	20 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-26431	23 May 202505:39	–	redhatcve

NVD

Node

open-xchange open-xchange_appsuite_backendRange<7.10.6

open-xchange open-xchange_appsuite_backendRange8.0.0–8.11.0

open-xchange open-xchange_appsuite_backendMatch7.10.6

open-xchange open-xchange_appsuite_backendMatch7.10.6revision_39

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "backend"
    ],
    "product": "OX App Suite",
    "vendor": "OX Software GmbH",
    "versions": [
      {
        "lessThanOrEqual": "7.10.6-rev39",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
software	www.software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf
seclists	www.seclists.org/fulldisclosure/2023/Jun/8
packetstormsecurity	www.packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html
documentation	www.documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json

21 Nov 2024 07:51Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.14.3 - 5

EPSS0.0022

CWE-918