ID CVE-2018-5752
Summary The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.
References
Vulnerable Configurations
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev14:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev15:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev16:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev17:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev18:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev20:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev22:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev23:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev24:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev25:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev26:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev28:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev29:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev30:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev31:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev32:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev33:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:rev35:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev10:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev11:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev12:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev13:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev14:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev15:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev16:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev17:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev18:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev19:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev20:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev21:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev22:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev23:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev24:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev25:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev26:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev27:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev28:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev29:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev30:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev31:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev32:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev33:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev34:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev35:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev36:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev38:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev39:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev40:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev41:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev42:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev43:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev5:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev6:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev8:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3:rev9:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev10:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev11:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev13:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev14:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev15:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev16:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev17:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev18:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev19:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev20:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev21:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev3:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev4:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev5:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev6:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev7:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev8:*:*:*:*:*:*
  • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4:rev9:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 03-08-2018 - 17:09)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
exploit-db 44881
fulldisc 20180608 Open-Xchange Security Advisory 2018-06-08
misc http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html
Last major update 03-08-2018 - 17:09
Published 16-06-2018 - 01:29
Back to Top