May 28, 2023

Open-Xchange, a popular infrastructure provider has released fixes for several security vulnerabilities impacting OX App Suite. A secure email and collaboration software designed for telcos, web hosting firms, and service providers.

The latest patch release includes fixes for two RCE vulnerabilities that were discovered in the software’s document converter component. CVE-2022-23100 and CVE-2022-24405 earned CVSS scores of 8.2 and 7.3.

The document converter API was also found to harbor a server-side request forgery (SSRF) vulnerability (CVE-2022-24406) that potentially allowed attackers to predict multipart-form data boundaries and overwrite its content.

Further down the severity list are two cross-site scripting (XSS) flaws impacting OX App Suite (CVE-2022-23099, CVE-2022-23101). To exploit these flaws, an attacker would need to force a victim to click on a malicious link.

In the wake of the Log4Shell issue that rocked the global software development industry last December, OX App Suite also includes an update that addresses a similar potential issue in the Logback component (CVE-2021-42550).

The vulnerabilities impact OX App Suite versions 7.10.6 and earlier. They have all been fixed by the vendor in various branch updates.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
Buhti Ransomware Dissection

Buhti Ransomware Dissection

May 26, 2023
%d bloggers like this: