CVE-2018-12609 — Server-Side Request Forgery in Appsuite

CWE-918 — Server-Side Request Forgery3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 41.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

1

Open-xchange Appsuite

Timeline

PublishedJan 30

Latest updateMay 14

Description

OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDopen-xchange/open-xchange_appsuite7.8.4

Patches

Patch: software.open-xchange.com ↗Patch: software.open-xchange.com ↗Patch: software.open-xchange.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-5gxj-p7f8-f7j4: OX App Suite 7↗2022-05-14

▶

CVEList

CVE-2018-12609: OX App Suite 7↗2019-01-29

▶

CVE-2018-12609 — Server-Side Request Forgery | cvebase