Lucene search

MitreCVE-2021-28094

HistoryJul 30, 2021 - 2:15 p.m.

CVE-2021-28094

2021-07-3014:15:16

CWE-326

mitre

web.nvd.nist.gov

cve-2021-28094

ox documents

incorrect access control

converted documents

hash collisions

crc32

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

46.3%

JSON

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.

Affected configurations

Nvd

Node

open-xchangeopen-xchange_documentsRange<7.10.5

open-xchangeopen-xchange_documentsMatch7.10.5-

open-xchangeopen-xchange_documentsMatch7.10.5revision1

open-xchangeopen-xchange_documentsMatch7.10.5revision2

open-xchangeopen-xchange_documentsMatch7.10.5revision3

open-xchangeopen-xchange_documentsMatch7.10.5revision4

open-xchangeopen-xchange_documentsMatch7.10.5revision5

open-xchangeopen-xchange_documentsMatch7.10.5revision6

VendorProductVersionCPE
open-xchangeopen-xchange_documents*cpe:2.3:a:open-xchange:open-xchange_documents:*:*:*:*:*:*:*:*
open-xchangeopen-xchange_documents7.10.5cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:-:*:*:*:*:*:*
open-xchangeopen-xchange_documents7.10.5cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision1:*:*:*:*:*:*
open-xchangeopen-xchange_documents7.10.5cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision2:*:*:*:*:*:*
open-xchangeopen-xchange_documents7.10.5cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision3:*:*:*:*:*:*
open-xchangeopen-xchange_documents7.10.5cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision4:*:*:*:*:*:*
open-xchangeopen-xchange_documents7.10.5cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision5:*:*:*:*:*:*
open-xchangeopen-xchange_documents7.10.5cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision6:*:*:*:*:*:*

Vendor	Product	Version	CPE
open-xchange	open-xchange_documents	*	cpe:2.3:a:open-xchange:open-xchange_documents::::::::
open-xchange	open-xchange_documents	7.10.5	cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:-::::::
open-xchange	open-xchange_documents	7.10.5	cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision1::::::
open-xchange	open-xchange_documents	7.10.5	cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision2::::::
open-xchange	open-xchange_documents	7.10.5	cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision3::::::
open-xchange	open-xchange_documents	7.10.5	cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision4::::::
open-xchange	open-xchange_documents	7.10.5	cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision5::::::
open-xchange	open-xchange_documents	7.10.5	cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision6::::::

References

packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html

seclists.org/fulldisclosure/2021/Jul/37

www.open-xchange.com

Social References

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

46.3%

JSON

Related for CVE-2021-28094