Lucene search
HistoryJul 22, 2021 - 5:15 p.m.
CVE-2021-26699
cve-2021-26699
ox app suite
ssrf
svg document
imageconverter component
png extension
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
EPSS
0.002
Percentile
61.6%
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
Affected configurations
Node
open-xchangeopen-xchange_appsuiteMatch7.10.3-
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5547
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5572
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5623
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5653
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5677
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5720
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev1
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev10
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev11
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev12
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev13
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev14
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev15
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev16
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev17
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev18
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev19
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev2
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev20
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev21
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev22
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev23
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev24
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev25
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev26
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev27
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev28
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev29
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev3
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev30
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev31
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev4
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev5
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev6
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev7
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev8
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev9
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4-
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev1
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev10
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev11
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev12
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev13
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev14
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev15
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev16
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev17
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev2
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev3
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev4
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev5
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev6
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev7
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev8
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:* |
Related
cnvd
cnvd
Open-xchange OX App Suite Code Issue Vulnerability (CNVD-2022-28453)
2021-07-20 00:00:00
cve
cve
CVE-2021-26699
2021-07-22 17:15:09
cvelist
cvelist
CVE-2021-26699
2021-07-22 16:22:58
prion
prion
Server side request forgery (ssrf)
2021-07-22 17:15:00
packetstorm
packetstorm
OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
2021-07-16 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
EPSS
0.002
Percentile
61.6%
Related for NVD:CVE-2021-26699