CVE-2019-1422614.10.2019, 17:15OX App Suite through 7.10.2 has Insecure Permissions.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST8.1 HIGHNETWORKLOWLOWCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 42%VendorProductVersionopen-xchangeopen-xchange_appsuite𝑥≤ 7.10.2𝑥= Vulnerable software versionsKnown Exploits!http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.htmlhttp://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.htmlCommon Weakness EnumerationCWE-281 - Improper Preservation of PermissionsThe software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.Referenceshttp://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.htmlhttps://seclists.org/fulldisclosure/2019/Oct/25http://packetstormsecurity.com/files/154826/Open-Xchange-OX-App-Suite-SSRF-XSS-Information-Disclosure-Access-Controls.htmlhttps://seclists.org/fulldisclosure/2019/Oct/25