CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
68.2%
Open-Xchange (OX) App Suite is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:open-xchange:open-xchange_appsuite";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.806070");
script_version("2024-02-20T05:05:48+0000");
script_cve_id("CVE-2014-5236", "CVE-2014-5237");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-02-06 19:54:00 +0000 (Thu, 06 Feb 2020)");
script_tag(name:"creation_date", value:"2015-10-05 16:02:56 +0530 (Mon, 05 Oct 2015)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("Open-Xchange (OX) App Suite Multiple Vulnerabilities -02 (Oct 2015)");
script_tag(name:"summary", value:"Open-Xchange (OX) App Suite is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to:
- Crafted OLE Objects within OpenDocument Text files can be used to reference
objects with absolute or relative paths.
- Server-side request forgery (SSRF) vulnerability in the documentconverter
component in Open-Xchange (OX) AppSuite");
script_tag(name:"impact", value:"Successful exploitation will allow attackers
to access or read arbitrary files that contain sensitive information, to
perform certain unauthorized actions and gain access to the affected
application. Other attacks are also possible.");
script_tag(name:"affected", value:"Open-Xchange (OX) App Suite versions before
7.4.2-rev10 and 7.6.x before 7.6.0-rev10.");
script_tag(name:"solution", value:"Update to version 7.4.2-rev10 or 7.6.0-rev10 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://packetstormsecurity.com/files/128257");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/69794");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/69793");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_open-xchange_ox_app_suite_http_detect.nasl");
script_mandatory_keys("open-xchange/app_suite/detected");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!revision = get_kb_item("open-xchange/app_suite/" + port + "/revision"))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
version += "." + revision;
if (version_is_less(version: version, test_version: "7.4.2.10"))
fix = "7.4.2.10";
else if(version =~ "^7\.6" && version_is_less(version: version, test_version: "7.6.0.10"))
fix = "7.6.0.10";
if (fix) {
report = report_fixed_ver(installed_version: version, fixed_version: fix, install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
68.2%