Lucene search
MitreCVE-2021-26699HistoryJul 22, 2021 - 5:15 p.m.
CVE-2021-26699
2021-07-2217:15:09
CWE-918
mitre
web.nvd.nist.gov
30
3
cve-2021-26699
ox app suite
ssrf
vulnerability
imageconverter
svg
png
security
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
AI Score
5.4
Confidence
High
EPSS
0.002
Percentile
61.6%
OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used.
Affected configurations
Node
open-xchangeopen-xchange_appsuiteMatch7.10.3-
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5547
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5572
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5623
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5653
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5677
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3patch_release5720
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev1
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev10
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev11
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev12
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev13
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev14
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev15
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev16
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev17
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev18
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev19
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev2
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev20
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev21
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev22
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev23
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev24
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev25
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev26
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev27
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev28
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev29
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev3
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev30
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev31
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev4
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev5
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev6
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev7
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev8
ORopen-xchangeopen-xchange_appsuiteMatch7.10.3rev9
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4-
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev1
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev10
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev11
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev12
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev13
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev14
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev15
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev16
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev17
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev2
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev3
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev4
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev5
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev6
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev7
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev8
ORopen-xchangeopen-xchange_appsuiteMatch7.10.4rev9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:-:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5547:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5572:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5623:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5653:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5677:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:patch_release5720:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev1:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev10:*:*:*:*:*:* |
| open-xchange | open-xchange_appsuite | 7.10.3 | cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.3:rev11:*:*:*:*:*:* |
References
Social References
More
Related
cnvd
cnvd
Open-xchange OX App Suite Code Issue Vulnerability (CNVD-2022-28453)
2021-07-20 00:00:00
cvelist
cvelist
CVE-2021-26699
2021-07-22 16:22:58
prion
prion
Server side request forgery (ssrf)
2021-07-22 17:15:00
nvd
nvd
CVE-2021-26699
2021-07-22 17:15:09
packetstorm
packetstorm
OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
2021-07-16 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
AI Score
5.4
Confidence
High
EPSS
0.002
Percentile
61.6%
Related for CVE-2021-26699