{"vulnerability": "CVE-2022-3731", "sightings": [{"uuid": "50323b77-b5e2-4e55-a46f-aa54d2c21c1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37313", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11629", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37313\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T14:33:40.561Z\n\ud83d\udd17 References:\n1. https://open-xchange.com\n2. https://seclists.org/fulldisclosure/2022/Nov/18", "creation_timestamp": "2025-04-14T14:53:59.000000Z"}, {"uuid": "f4d718a7-6fc0-4187-b9d1-5fbc0abf56db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37312", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11628", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37312\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T14:35:39.930Z\n\ud83d\udd17 References:\n1. https://open-xchange.com\n2. https://seclists.org/fulldisclosure/2022/Nov/18", "creation_timestamp": "2025-04-14T14:53:58.000000Z"}, {"uuid": "62c0bf36-9a8b-48a9-b8da-dba31a60ad9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37311", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11626", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37311\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T14:36:38.009Z\n\ud83d\udd17 References:\n1. https://open-xchange.com\n2. https://seclists.org/fulldisclosure/2022/Nov/18", "creation_timestamp": "2025-04-14T14:53:56.000000Z"}, {"uuid": "f258c2dc-1134-4c0f-a3e3-067c3d51a75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37310", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11624", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-37310\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T14:38:35.949Z\n\ud83d\udd17 References:\n1. https://open-xchange.com\n2. https://seclists.org/fulldisclosure/2022/Nov/18", "creation_timestamp": "2025-04-14T14:53:51.000000Z"}, {"uuid": "22ff0e69-6c8d-483c-acbb-2e7e1485c6e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37311", "type": "seen", "source": "https://t.me/cibsecurity/55326", "content": "\u203c CVE-2022-37311 \u203c\n\nOX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T07:40:28.000000Z"}, {"uuid": "6aab79be-6fa0-4ba6-82bd-b350f474fcce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37313", "type": "seen", "source": "https://t.me/cibsecurity/55325", "content": "\u203c CVE-2022-37313 \u203c\n\nOX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T07:40:27.000000Z"}, {"uuid": "03860c1d-1b6b-45a4-88da-8f2a8d683677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37312", "type": "seen", "source": "https://t.me/cibsecurity/55327", "content": "\u203c CVE-2022-37312 \u203c\n\nOX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T07:40:29.000000Z"}, {"uuid": "86f8220e-a709-4cd8-a891-a00337163472", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37310", "type": "seen", "source": "https://t.me/cibsecurity/55336", "content": "\u203c CVE-2022-37310 \u203c\n\nOX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T07:40:41.000000Z"}, {"uuid": "cf012cdd-cc9b-4053-af7a-96dc6431767b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-37315", "type": "seen", "source": "https://t.me/cibsecurity/47392", "content": "\u203c CVE-2022-37315 \u203c\n\ngraphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T02:17:18.000000Z"}]}