CVE-2021-28095

EUVD-2021-14799
OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
open-xchangeopen-xchange_documents
𝑥
< 7.10.5
open-xchangeopen-xchange_documents
7.10.5
open-xchangeopen-xchange_documents
7.10.5:revision1
open-xchangeopen-xchange_documents
7.10.5:revision2
open-xchangeopen-xchange_documents
7.10.5:revision3
open-xchangeopen-xchange_documents
7.10.5:revision4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html
http://seclists.org/fulldisclosure/2021/Jul/37
https://www.open-xchange.com
http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html
http://seclists.org/fulldisclosure/2021/Jul/37
https://www.open-xchange.com