CVE-2021-28095

2021-07-2705:12:19

mitre

www.cve.org

ox documents

incorrect access control

xml structures

hash collisions

crc32

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

46.3%

JSON

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.

References

packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html

seclists.org/fulldisclosure/2021/Jul/37

www.open-xchange.com