oxas-adv-2022-0001
Vulnerability from csaf_ox
Published
2022-08-10 00:00
Modified
2024-01-22 00:00
Summary
OX App Suite Security Advisory OXAS-ADV-2022-0001



{
  "document": {
    "aggregate_severity": {
      "text": "MEDIUM"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "lang": "en-US",
    "publisher": {
      "category": "vendor",
      "name": "Open-Xchange GmbH",
      "namespace": "https://open-xchange.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Release Notes",
        "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6155_7.10.5_2022-08-10.pdf"
      },
      {
        "category": "external",
        "summary": "Release Notes",
        "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6156_7.10.6_2022-08-10.pdf"
      },
      {
        "category": "self",
        "summary": "Canonical CSAF document",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2022/oxas-adv-2022-0001.json"
      },
      {
        "category": "self",
        "summary": "Markdown representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/md/2022/oxas-adv-2022-0001.md"
      },
      {
        "category": "self",
        "summary": "HTML representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/html/2022/oxas-adv-2022-0001.html"
      },
      {
        "category": "self",
        "summary": "Plain-text representation",
        "url": "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2022/oxas-adv-2022-0001.txt"
      }
    ],
    "title": "OX App Suite Security Advisory OXAS-ADV-2022-0001",
    "tracking": {
      "current_release_date": "2024-01-22T00:00:00+00:00",
      "generator": {
        "date": "2024-01-22T13:14:02+00:00",
        "engine": {
          "name": "OX CSAF",
          "version": "1.0.0"
        }
      },
      "id": "OXAS-ADV-2022-0001",
      "initial_release_date": "2022-08-10T00:00:00+02:00",
      "revision_history": [
        {
          "date": "2022-08-10T00:00:00+02:00",
          "number": "1",
          "summary": "Initial release"
        },
        {
          "date": "2024-01-22T00:00:00+00:00",
          "number": "2",
          "summary": "Public release"
        },
        {
          "date": "2024-01-22T00:00:00+00:00",
          "number": "3",
          "summary": "Public release"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.10.5-rev36",
                "product": {
                  "name": "OX App Suite frontend 7.10.5-rev36",
                  "product_id": "OXAS-FRONTEND_7.10.5-rev36",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev36:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev15",
                "product": {
                  "name": "OX App Suite frontend 7.10.6-rev15",
                  "product_id": "OXAS-FRONTEND_7.10.6-rev15",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev15:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.5-rev37",
                "product": {
                  "name": "OX App Suite frontend 7.10.5-rev37",
                  "product_id": "OXAS-FRONTEND_7.10.5-rev37",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev37:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6155"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6156"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev16",
                "product": {
                  "name": "OX App Suite frontend 7.10.6-rev16",
                  "product_id": "OXAS-FRONTEND_7.10.6-rev16",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev16:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6155"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6156"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.2",
                "product": {
                  "name": "OX App Suite frontend 8.2",
                  "product_id": "OXAS-FRONTEND_8.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.2:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.3",
                "product": {
                  "name": "OX App Suite frontend 8.3",
                  "product_id": "OXAS-FRONTEND_8.3",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.3:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.4",
                "product": {
                  "name": "OX App Suite frontend 8.4",
                  "product_id": "OXAS-FRONTEND_8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev50",
                "product": {
                  "name": "OX App Suite frontend 7.6.3-rev50",
                  "product_id": "OXAS-FRONTEND_7.6.3-rev50",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev50:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev51",
                "product": {
                  "name": "OX App Suite frontend 7.6.3-rev51",
                  "product_id": "OXAS-FRONTEND_7.6.3-rev51",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev51:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6155"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6156"
                      }
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OX App Suite frontend"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.10.5-rev46",
                "product": {
                  "name": "OX App Suite backend 7.10.5-rev46",
                  "product_id": "OXAS-BACKEND_7.10.5-rev46",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev46:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev21",
                "product": {
                  "name": "OX App Suite backend 7.10.6-rev21",
                  "product_id": "OXAS-BACKEND_7.10.6-rev21",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev21:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev65",
                "product": {
                  "name": "OX App Suite backend 7.6.3-rev65",
                  "product_id": "OXAS-BACKEND_7.6.3-rev65",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev65:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.3",
                "product": {
                  "name": "OX App Suite backend 8.3",
                  "product_id": "OXAS-BACKEND_8.3",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.3:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.5-rev47",
                "product": {
                  "name": "OX App Suite backend 7.10.5-rev47",
                  "product_id": "OXAS-BACKEND_7.10.5-rev47",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.5:rev47:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6155"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6156"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.10.6-rev22",
                "product": {
                  "name": "OX App Suite backend 7.10.6-rev22",
                  "product_id": "OXAS-BACKEND_7.10.6-rev22",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev22:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6155"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6156"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.6.3-rev66",
                "product": {
                  "name": "OX App Suite backend 7.6.3-rev66",
                  "product_id": "OXAS-BACKEND_7.6.3-rev66",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:7.6.3:rev66:*:*:*:*:*:*",
                    "x_generic_uris": [
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6155"
                      },
                      {
                        "namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
                        "uri": "urn:open-xchange:app_suite:patch-id:6156"
                      }
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.4",
                "product": {
                  "name": "OX App Suite backend 8.4",
                  "product_id": "OXAS-BACKEND_8.4",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.4:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.2",
                "product": {
                  "name": "OX App Suite backend 8.2",
                  "product_id": "OXAS-BACKEND_8.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:a:open-xchange:app_suite:8.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OX App Suite backend"
          }
        ],
        "category": "vendor",
        "name": "Open-Xchange GmbH"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31469",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-05-23T08:46:44+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-1654"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The detection mechanism for \"deep links\" in E-Mail (e.g. pointing to OX Drive) allows references to arbitrary fake applications to be injected. This can be used to request unexpected content, potentially including script code, when those links are used."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.5-rev37",
          "OXAS-FRONTEND_7.10.6-rev16"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.5-rev36",
          "OXAS-FRONTEND_7.10.6-rev15"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-02T00:13:24+02:00",
          "details": "Please deploy the provided updates and patch releases. We improved deep-link validation to avoid malicious use.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require the victim to follow a hyperlink."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "Bypass for E-Mail \"deep links\""
    },
    {
      "cve": "CVE-2022-37307",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-05-30T10:27:36+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-1678"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Certain content like E-Mail signatures is stored using the \"snippets\" mechanism. This mechanism contains a weakness that allows seemingly benign HTML content, like XHTML CDATA constructs, to be injected, which sanitization then turns into malicious code. Once such code is in place it can be used for persistent access to the user's account."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.5-rev37",
          "OXAS-FRONTEND_7.10.6-rev16",
          "OXAS-FRONTEND_8.3"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.5-rev36",
          "OXAS-FRONTEND_7.10.6-rev15",
          "OXAS-FRONTEND_8.2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-01-18T18:23:26+01:00",
          "details": "Please deploy the provided updates and patch releases. We improved the sanitizing algorithm to deal with disguised code.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15",
            "OXAS-FRONTEND_8.2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15",
            "OXAS-FRONTEND_8.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require access to the same OX App Suite instance or temporary access to the user's account."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "XSS sanitization bypass for HTML snippets"
    },
    {
      "cve": "CVE-2022-37308",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-06-22T08:56:27+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-1731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Plain-text mail that contains HTML code can be used to inject script code when printing E-Mail."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.5-rev37",
          "OXAS-FRONTEND_7.10.6-rev16",
          "OXAS-FRONTEND_8.4"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.5-rev36",
          "OXAS-FRONTEND_7.10.6-rev15",
          "OXAS-FRONTEND_8.3"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-02T00:03:27+02:00",
          "details": "Please deploy the provided updates and patch releases. We removed text-mode specific code and use existing sanitization mechanisms for HTML content.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15",
            "OXAS-FRONTEND_8.3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15",
            "OXAS-FRONTEND_8.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would need to make the victim print a malicious E-Mail."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "XSS with print templates when using plain-text mail"
    },
    {
      "cve": "CVE-2022-37309",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-06-22T08:59:58+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-1732"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Contacts that do not contain a name but only an e-mail address can be used to inject script code into the \"contact picker\" component, commonly used to select contacts as recipients or participants."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.5-rev37",
          "OXAS-FRONTEND_7.10.6-rev16",
          "OXAS-FRONTEND_8.4"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.5-rev36",
          "OXAS-FRONTEND_7.10.6-rev15",
          "OXAS-FRONTEND_8.3"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-02T00:02:06+02:00",
          "details": "Please deploy the provided updates and patch releases. We now apply proper HTML escaping to all relevant data sets.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15",
            "OXAS-FRONTEND_8.3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15",
            "OXAS-FRONTEND_8.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require access to the same OX App Suite instance or make the victim import malicious contact data."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "XSS at address picker when not using \"fullname\""
    },
    {
      "cve": "CVE-2022-37310",
      "cwe": {
        "id": "CWE-80",
        "name": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
      },
      "discovery_date": "2022-07-20T08:44:53+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "OXUIB-1785"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The metrics and help modules use parts of the URL to determine capabilities. This mechanism suffers from a weakness that allows attackers to use special characters that register malicious capabilities, which will be executed as script code after login."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-FRONTEND_7.10.5-rev37",
          "OXAS-FRONTEND_7.10.6-rev16",
          "OXAS-FRONTEND_7.6.3-rev51",
          "OXAS-FRONTEND_8.4"
        ],
        "last_affected": [
          "OXAS-FRONTEND_7.10.5-rev36",
          "OXAS-FRONTEND_7.10.6-rev15",
          "OXAS-FRONTEND_7.6.3-rev50",
          "OXAS-FRONTEND_8.3"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-02T11:14:49+02:00",
          "details": "Please deploy the provided updates and patch releases. We sanitized any non-parsable characters from the capabilities input.",
          "product_ids": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15",
            "OXAS-FRONTEND_7.6.3-rev50",
            "OXAS-FRONTEND_8.3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-FRONTEND_7.10.5-rev36",
            "OXAS-FRONTEND_7.10.6-rev15",
            "OXAS-FRONTEND_7.6.3-rev50",
            "OXAS-FRONTEND_8.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface (e.g. redirecting to a third-party site). To exploit this an attacker would require the victim to follow a hyperlink to their App Suite instance and log in. While the \"metrics\" module is optional, the \"help\" module is available on all instances."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "XSS using \"capabilities\" evaluation and checks"
    },
    {
      "cve": "CVE-2022-37313",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2022-07-14T15:30:47+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1712"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Deny-lists regarding external connections can be bypassed by using malicious DNS records with more than one A or AAAA response."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.5-rev47",
          "OXAS-BACKEND_7.10.6-rev22",
          "OXAS-BACKEND_7.6.3-rev66",
          "OXAS-BACKEND_8.4"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.5-rev46",
          "OXAS-BACKEND_7.10.6-rev21",
          "OXAS-BACKEND_7.6.3-rev65",
          "OXAS-BACKEND_8.3"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-02T01:42:46+02:00",
          "details": "Please deploy the provided updates and patch releases. We improved the analysis of DNS responses and check all available records against deny-list entries.",
          "product_ids": [
            "OXAS-BACKEND_7.10.5-rev46",
            "OXAS-BACKEND_7.10.6-rev21",
            "OXAS-BACKEND_7.6.3-rev65",
            "OXAS-BACKEND_8.3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.5-rev46",
            "OXAS-BACKEND_7.10.6-rev21",
            "OXAS-BACKEND_7.6.3-rev65",
            "OXAS-BACKEND_8.3"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Server-initiated requests to external resources (e.g. E-Mail accounts, data feeds) can be directed to internal resources that are restricted based on deny-list settings. This can be used to determine \"internal\" addresses and services, depending on measurement and content of error responses. While no data of such services can be exfiltrated, the risk is a violation of perimeter based security policies."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "SSRF due to multiple DNS records per domain"
    },
    {
      "cve": "CVE-2022-37312",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-14T16:38:08+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The request body size for certain API endpoints was not sufficiently checked for plausibility."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.5-rev47",
          "OXAS-BACKEND_7.10.6-rev22",
          "OXAS-BACKEND_7.6.3-rev66",
          "OXAS-BACKEND_8.3"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.5-rev46",
          "OXAS-BACKEND_7.10.6-rev21",
          "OXAS-BACKEND_7.6.3-rev65",
          "OXAS-BACKEND_8.2"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-02T00:18:04+02:00",
          "details": "Please deploy the provided updates and patch releases. We now enforce checks that make sure only requests with plausible size are being processed to avoid uncontrolled resource usage.",
          "product_ids": [
            "OXAS-BACKEND_7.10.5-rev46",
            "OXAS-BACKEND_7.10.6-rev21",
            "OXAS-BACKEND_7.6.3-rev65",
            "OXAS-BACKEND_8.2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.5-rev46",
            "OXAS-BACKEND_7.10.6-rev21",
            "OXAS-BACKEND_7.6.3-rev65",
            "OXAS-BACKEND_8.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Requests can be abused to consume large amounts of memory and eventually lead to resource exhaustion. Since such requests are highly asymmetric in terms of resource requirements between the client and the server, they can be scaled to such a degree that the system becomes temporarily unresponsive for all users. Those requests do not require authentication."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "DoS via unchecked \"deferrer\" servlet parameters"
    },
    {
      "cve": "CVE-2022-37311",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2022-07-14T16:41:25+02:00",
      "ids": [
        {
          "system_name": "OX Bug",
          "text": "MWB-1714"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The size of the request parameters for certain API endpoints was not sufficiently checked for plausibility."
        }
      ],
      "product_status": {
        "first_fixed": [
          "OXAS-BACKEND_7.10.5-rev47",
          "OXAS-BACKEND_7.10.6-rev22",
          "OXAS-BACKEND_7.6.3-rev66"
        ],
        "last_affected": [
          "OXAS-BACKEND_7.10.5-rev46",
          "OXAS-BACKEND_7.10.6-rev21",
          "OXAS-BACKEND_7.6.3-rev65"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-02T00:16:37+02:00",
          "details": "Please deploy the provided updates and patch releases. We now enforce checks that make sure only requests with plausible size are being processed to avoid uncontrolled resource usage.",
          "product_ids": [
            "OXAS-BACKEND_7.10.5-rev46",
            "OXAS-BACKEND_7.10.6-rev21",
            "OXAS-BACKEND_7.6.3-rev65"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "OXAS-BACKEND_7.10.5-rev46",
            "OXAS-BACKEND_7.10.6-rev21",
            "OXAS-BACKEND_7.6.3-rev65"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Requests can be abused to consume large amounts of memory and eventually lead to resource exhaustion. Since such requests are highly asymmetric in terms of resource requirements between the client and the server, they can be scaled to such a degree that the system becomes temporarily unresponsive for all users. Those requests do not require authentication."
        },
        {
          "category": "exploit_status",
          "details": "No publicly available exploits are known."
        }
      ],
      "title": "DoS via unchecked \"redirect\" servlet parameters"
    }
  ]
}


