CVE-2021-38376 — Improper Authentication in OX APP Suite

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 49.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 22

Latest updateMay 24

Description

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

GHSA

GHSA-v583-7m9j-97cw: OX App Suite through 7↗2022-05-24

▶

CVEList

CVE-2021-38376: OX App Suite through 7↗2021-11-22

▶