CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processin...

CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processin...

CVE-2023-26436

The CVE-2023-26436 issue affects Open-Xchange AppSuite (OX App Suite) via the documentconverterws API. Attackers able to access this endpoint can inject serialized Java objects that aren’t properly validated during deserialization, potentially allowing arbitrary code execution. The root cause is ...

CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processin...

PT-2023-4164 · Unknown · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite affected versions not specified Description: The issue is related to a flaw in the deserialization mechanism of the OX App Suite package. Attackers with access to the "documentconverterws" API endpoint could inject serialized Jav...

Open-Xchange: [SSRF] PDF documentconverterws

Hi. Previous report 260576 Example: F305199 /ppt/slides/rels/slide1.xml.rels: xml Result: F305196 Impact Scan network Read any file file:///home/example/test.odf...