CVE-2014-5238 — XML External Entity (XXE) Injection in Appsuite

CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 34.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite

Timeline

PublishedJan 14

Latest updateMay 17

Description

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDopen-xchange/open-xchange_appsuite7.4.1+2

🔴Vulnerability Details

GHSA

GHSA-ccpx-2wj9-vw2w: XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7↗2022-05-17

▶

CVEList

CVE-2014-5238: XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7↗2020-01-14

▶