December 3, 2023

Open-Xchange, a popular infrastructure provider has released fixes for several security vulnerabilities impacting OX App Suite. A secure email and collaboration software designed for telcos, web hosting firms, and service providers.

The latest patch release includes fixes for two RCE vulnerabilities that were discovered in the software’s document converter component. CVE-2022-23100 and CVE-2022-24405 earned CVSS scores of 8.2 and 7.3.

The document converter API was also found to harbor a server-side request forgery (SSRF) vulnerability (CVE-2022-24406) that potentially allowed attackers to predict multipart-form data boundaries and overwrite its content.

Further down the severity list are two cross-site scripting (XSS) flaws impacting OX App Suite (CVE-2022-23099, CVE-2022-23101). To exploit these flaws, an attacker would need to force a victim to click on a malicious link.

In the wake of the Log4Shell issue that rocked the global software development industry last December, OX App Suite also includes an update that addresses a similar potential issue in the Logback component (CVE-2021-42550).

The vulnerabilities impact OX App Suite versions 7.10.6 and earlier. They have all been fixed by the vendor in various branch updates.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – November, 2023

December 2, 2023

Staples affected by a Cyber Attack

December 2, 2023

CISA KEV Update Part I – December 2023

December 1, 2023 2

Dollar Tree Affected by a Third Party Breach

December 1, 2023

Apple Patches iOS zerodays – CVE-2023-42916 and CVE-2023-42917

December 1, 2023

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023
%d bloggers like this: