CVE-2023-29050

🗓️ 08 Jan 2024 08:51:40Reported by OXType

LDAP filter string injection risk in "LDAP contacts provider

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-29050	8 Jan 202410:26	–	circl
CNNVD	Open-Xchange App Suite Injection Vulnerability	8 Jan 202400:00	–	cnnvd
CVE	CVE-2023-29050	8 Jan 202408:51	–	cve
EUVD	EUVD-2023-32654	3 Oct 202520:07	–	euvd
NVD	CVE-2023-29050	8 Jan 202409:15	–	nvd
Prion	Design/Logic Flaw	8 Jan 202409:15	–	prion
Positive Technologies	PT-2024-12189 · Open Xchange Gmbh +2 · Ox App Suite +1	8 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-29050	23 May 202501:46	–	redhatcve
Vulnrichment	CVE-2023-29050	8 Jan 202408:51	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "backend"
    ],
    "product": "OX App Suite",
    "vendor": "Open-Xchange GmbH",
    "versions": [
      {
        "lessThanOrEqual": "7.10.6-rev50",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.16",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
documentation	www.documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json
seclists	www.seclists.org/fulldisclosure/2024/Jan/3
software	www.software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf
packetstormsecurity	www.packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html

12 Jan 2024 07:07Current

9.2High risk

Vulners AI Score9.2

CVSS 3.17.6

EPSS0.00108

CWE-90