CVE-2021-26699 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.4 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Vendor	Product	Version
open-xchange	open-xchange_appsuite	7.10.3
open-xchange	open-xchange_appsuite	7.10.3:patch_release5547
open-xchange	open-xchange_appsuite	7.10.3:patch_release5572
open-xchange	open-xchange_appsuite	7.10.3:patch_release5623
open-xchange	open-xchange_appsuite	7.10.3:patch_release5653
open-xchange	open-xchange_appsuite	7.10.3:patch_release5677
open-xchange	open-xchange_appsuite	7.10.3:patch_release5720
open-xchange	open-xchange_appsuite	7.10.3:rev1
open-xchange	open-xchange_appsuite	7.10.3:rev10
open-xchange	open-xchange_appsuite	7.10.3:rev11
open-xchange	open-xchange_appsuite	7.10.3:rev12
open-xchange	open-xchange_appsuite	7.10.3:rev13
open-xchange	open-xchange_appsuite	7.10.3:rev14
open-xchange	open-xchange_appsuite	7.10.3:rev15
open-xchange	open-xchange_appsuite	7.10.3:rev16
open-xchange	open-xchange_appsuite	7.10.3:rev17
open-xchange	open-xchange_appsuite	7.10.3:rev18
open-xchange	open-xchange_appsuite	7.10.3:rev19
open-xchange	open-xchange_appsuite	7.10.3:rev2
open-xchange	open-xchange_appsuite	7.10.3:rev20
open-xchange	open-xchange_appsuite	7.10.3:rev21
open-xchange	open-xchange_appsuite	7.10.3:rev22
open-xchange	open-xchange_appsuite	7.10.3:rev23
open-xchange	open-xchange_appsuite	7.10.3:rev24
open-xchange	open-xchange_appsuite	7.10.3:rev25
open-xchange	open-xchange_appsuite	7.10.3:rev26
open-xchange	open-xchange_appsuite	7.10.3:rev27
open-xchange	open-xchange_appsuite	7.10.3:rev28
open-xchange	open-xchange_appsuite	7.10.3:rev29
open-xchange	open-xchange_appsuite	7.10.3:rev3
open-xchange	open-xchange_appsuite	7.10.3:rev30
open-xchange	open-xchange_appsuite	7.10.3:rev31
open-xchange	open-xchange_appsuite	7.10.3:rev4
open-xchange	open-xchange_appsuite	7.10.3:rev5
open-xchange	open-xchange_appsuite	7.10.3:rev6
open-xchange	open-xchange_appsuite	7.10.3:rev7
open-xchange	open-xchange_appsuite	7.10.3:rev8
open-xchange	open-xchange_appsuite	7.10.3:rev9
open-xchange	open-xchange_appsuite	7.10.4
open-xchange	open-xchange_appsuite	7.10.4:rev1
open-xchange	open-xchange_appsuite	7.10.4:rev10
open-xchange	open-xchange_appsuite	7.10.4:rev11
open-xchange	open-xchange_appsuite	7.10.4:rev12
open-xchange	open-xchange_appsuite	7.10.4:rev13
open-xchange	open-xchange_appsuite	7.10.4:rev14
open-xchange	open-xchange_appsuite	7.10.4:rev15
open-xchange	open-xchange_appsuite	7.10.4:rev16
open-xchange	open-xchange_appsuite	7.10.4:rev17
open-xchange	open-xchange_appsuite	7.10.4:rev2
open-xchange	open-xchange_appsuite	7.10.4:rev3
open-xchange	open-xchange_appsuite	7.10.4:rev4
open-xchange	open-xchange_appsuite	7.10.4:rev5
open-xchange	open-xchange_appsuite	7.10.4:rev6
open-xchange	open-xchange_appsuite	7.10.4:rev7
open-xchange	open-xchange_appsuite	7.10.4:rev8
open-xchange	open-xchange_appsuite	7.10.4:rev9

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html

http://seclists.org/fulldisclosure/2021/Jul/33

https://seclists.org/fulldisclosure/2021/Jul/33

https://www.open-xchange.com

http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Guard-OX-Documents-SSRF-Cross-Site-Scripting.html

http://seclists.org/fulldisclosure/2021/Jul/33

https://seclists.org/fulldisclosure/2021/Jul/33

https://www.open-xchange.com