CVE-2023-24605

2023-05-2900:00:00

mitre

www.cve.org

ox app suite

2fa

vulnerability

drive

contacts

tokens

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.6%

JSON

OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.

References

seclists.org/fulldisclosure/2023/May/3

open-xchange.com