high
7.5
CWE
22
Advisory Published
Updated

CVE-2014-5236: Path Traversal

First published: Fri Jan 31 2020(Updated: )

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Open-Xchange App Suite Backend<=7.4.1
Open-Xchange App Suite Backend=7.4.2
Open-Xchange App Suite Backend=7.4.2-revision1
Open-Xchange App Suite Backend=7.4.2-revision10
Open-Xchange App Suite Backend=7.4.2-revision2
Open-Xchange App Suite Backend=7.4.2-revision3
Open-Xchange App Suite Backend=7.4.2-revision4
Open-Xchange App Suite Backend=7.4.2-revision5
Open-Xchange App Suite Backend=7.4.2-revision6
Open-Xchange App Suite Backend=7.4.2-revision7
Open-Xchange App Suite Backend=7.4.2-revision8
Open-Xchange App Suite Backend=7.4.2-revision9
Open-Xchange App Suite Backend=7.6.0
Open-Xchange App Suite Backend=7.6.0-revision1
Open-Xchange App Suite Backend=7.6.0-revision2
Open-Xchange App Suite Backend=7.6.0-revision3
Open-Xchange App Suite Backend=7.6.0-revision4
Open-Xchange App Suite Backend=7.6.0-revision5
Open-Xchange App Suite Backend=7.6.0-revision6
Open-Xchange App Suite Backend=7.6.0-revision7
Open-Xchange App Suite Backend=7.6.0-revision8

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2014-5236?

    CVE-2014-5236 has a medium severity rating due to its potential to allow unauthorized access to sensitive files.

  • How do I fix CVE-2014-5236?

    To fix CVE-2014-5236, update Open-Xchange AppSuite to version 7.4.2-rev10 or 7.6.0-rev10 or later.

  • Who is affected by CVE-2014-5236?

    CVE-2014-5236 affects versions of Open-Xchange AppSuite up to and including 7.4.1 and several 7.4.2 and 7.6.0 revisions.

  • What kind of attacks can exploit CVE-2014-5236?

    CVE-2014-5236 can be exploited through crafted OpenDocument text files containing OLE Objects or images.

  • What does CVE-2014-5236 allow attackers to do?

    CVE-2014-5236 allows remote attackers to read application files by using absolute path traversal vulnerabilities.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203