CVE-2023-24597

OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
open-xchangeox_app_suite
𝑥
< 7.10.6
open-xchangeox_app_suite
7.10.6
open-xchangeox_app_suite
7.10.6:rev01
open-xchangeox_app_suite
7.10.6:rev02
open-xchangeox_app_suite
7.10.6:rev03
open-xchangeox_app_suite
7.10.6:rev04
open-xchangeox_app_suite
7.10.6:rev05
open-xchangeox_app_suite
7.10.6:rev06
open-xchangeox_app_suite
7.10.6:rev07
open-xchangeox_app_suite
7.10.6:rev08
open-xchangeox_app_suite
7.10.6:rev09
open-xchangeox_app_suite
7.10.6:rev10
open-xchangeox_app_suite
7.10.6:rev11
open-xchangeox_app_suite
7.10.6:rev12
open-xchangeox_app_suite
7.10.6:rev13
open-xchangeox_app_suite
7.10.6:rev14
open-xchangeox_app_suite
7.10.6:rev15
open-xchangeox_app_suite
7.10.6:rev16
open-xchangeox_app_suite
7.10.6:rev17
open-xchangeox_app_suite
7.10.6:rev18
open-xchangeox_app_suite
7.10.6:rev19
open-xchangeox_app_suite
7.10.6:rev20
open-xchangeox_app_suite
7.10.6:rev21
open-xchangeox_app_suite
7.10.6:rev22
open-xchangeox_app_suite
7.10.6:rev23
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2023/May/3
https://open-xchange.com
http://seclists.org/fulldisclosure/2023/May/3
https://open-xchange.com