CVE-2023-41707
published 2024-02-12CVE-2023-41707: Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the…
PriorityP433medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
0.78%
51.5th percentile
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached.
No publicly available exploits are known.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | < 7.6.3 | 7.6.3 |
| open-xchange | open-xchange_appsuite | < 7.10.6 | 7.10.6 |
| open-xchange | open-xchange_appsuite | < 8.20 | 8.20 |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange_gmbh | ox_app_suite | <= 7.10.6-rev55 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.jsonhttps://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdfhttp://seclists.org/fulldisclosure/2024/Feb/10https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.jsonhttps://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf
2024-02-12
Published