Lucene search

CVE-2023-26439

🗓️ 02 Aug 2023 13:10:15Reported by OXType

The cacheservice API allows SQL injection, mitigated by improved input check and content filter

Reporter	Title	Published	Views	Family All 3
Cvelist	CVE-2023-26439	2 Aug 202312:23	–	cvelist
Prion	Sql injection	2 Aug 202313:15	–	prion
NVD	CVE-2023-26439	2 Aug 202313:15	–	nvd

Nvd

Node

open-xchange open-xchange_appsuite_officeRange<8.11

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "office"
    ],
    "product": "OX App Suite",
    "vendor": "OX Software GmbH",
    "versions": [
      {
        "lessThanOrEqual": "8.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
seclists	www.seclists.org/fulldisclosure/2023/Aug/8
packetstormsecurity	www.packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html
documentation	www.documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json
software	www.software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Aug 2023 13:15Current

7.7High risk

Vulners AI Score7.7

CVSS37.6 - 7.8

EPSS0.00042

CWE-89