CVE-2022-43698

OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
open-xchangeox_app_suite
𝑥
< 7.10.6
open-xchangeox_app_suite
7.10.6
open-xchangeox_app_suite
7.10.6:rev01
open-xchangeox_app_suite
7.10.6:rev02
open-xchangeox_app_suite
7.10.6:rev03
open-xchangeox_app_suite
7.10.6:rev04
open-xchangeox_app_suite
7.10.6:rev05
open-xchangeox_app_suite
7.10.6:rev06
open-xchangeox_app_suite
7.10.6:rev07
open-xchangeox_app_suite
7.10.6:rev08
open-xchangeox_app_suite
7.10.6:rev09
open-xchangeox_app_suite
7.10.6:rev10
open-xchangeox_app_suite
7.10.6:rev11
open-xchangeox_app_suite
7.10.6:rev12
open-xchangeox_app_suite
7.10.6:rev13
open-xchangeox_app_suite
7.10.6:rev14
open-xchangeox_app_suite
7.10.6:rev15
open-xchangeox_app_suite
7.10.6:rev16
open-xchangeox_app_suite
7.10.6:rev17
open-xchangeox_app_suite
7.10.6:rev18
open-xchangeox_app_suite
7.10.6:rev19
open-xchangeox_app_suite
7.10.6:rev20
open-xchangeox_app_suite
7.10.6:rev21
open-xchangeox_app_suite
7.10.6:rev22
open-xchangeox_app_suite
7.10.6:rev23
open-xchangeox_app_suite
7.10.6:rev24
open-xchangeox_app_suite
7.10.6:rev25
open-xchangeox_app_suite
7.10.6:rev26
open-xchangeox_app_suite
7.10.6:rev27
open-xchangeox_app_suite
7.10.6:rev28
open-xchangeox_app_suite
7.10.6:rev29
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://open-xchange.com
https://seclists.org/fulldisclosure/2023/Feb/3
https://open-xchange.com
https://seclists.org/fulldisclosure/2023/Feb/3