CVE-2019-1671606.01.2020, 20:15OX App Suite through 7.10.2 has Incorrect Access Control.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.6 MEDIUMNETWORKHIGHHIGHCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 58%VendorProductVersionopen-xchangeopen-xchange_appsuite𝑥≤ 7.10.2𝑥= Vulnerable software versionsKnown Exploits!http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.htmlhttp://seclists.org/fulldisclosure/2020/Jan/7http://seclists.org/fulldisclosure/2020/Jan/7http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.htmlhttp://seclists.org/fulldisclosure/2020/Jan/7http://seclists.org/fulldisclosure/2020/Jan/7Common Weakness EnumerationCWE-276 - Incorrect Default PermissionsDuring installation, installed file permissions are set to allow anyone to modify those files.Referenceshttp://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.htmlhttp://seclists.org/fulldisclosure/2020/Jan/7http://seclists.org/fulldisclosure/2020/Jan/7http://packetstormsecurity.com/files/155813/OX-App-Suite-7.10.2-Cross-Site-Scripting-Improper-Access-Control.htmlhttp://seclists.org/fulldisclosure/2020/Jan/7http://seclists.org/fulldisclosure/2020/Jan/7