CVE-2021-28095

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
open-xchangeopen-xchange_documents
𝑥
< 7.10.5
open-xchangeopen-xchange_documents
7.10.5
open-xchangeopen-xchange_documents
7.10.5:revision1
open-xchangeopen-xchange_documents
7.10.5:revision2
open-xchangeopen-xchange_documents
7.10.5:revision3
open-xchangeopen-xchange_documents
7.10.5:revision4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html
http://seclists.org/fulldisclosure/2021/Jul/37
https://www.open-xchange.com
http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html
http://seclists.org/fulldisclosure/2021/Jul/37
https://www.open-xchange.com