CVE-2021-33493 β€” Code Injection in OX APP Suite

CWE-94 β€” Code Injection3 documents3 sources
Severity
6.0MEDIUMNVD
EPSS
0.2%
top 57.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Open-xchange OX APP Suite
Timeline
PublishedNov 22
Latest updateNov 23

Description

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-vmwh-g38p-m7q2: The middleware component in OX App Suite through 7β†—2021-11-23
β–Ά
CVEList
CVE-2021-33493: The middleware component in OX App Suite through 7β†—2021-11-22
β–Ά
CVE-2021-33493 β€” Code Injection in OX APP Suite | cvebase