high
8.8
CWE
918
Advisory Published
Updated

CVE-2018-5752: SSRF

First published: Fri Jun 15 2018(Updated: )

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Open-xchange Open-xchange Appsuite<=7.6.3
Open-xchange Open-xchange Appsuite=7.6.3-rev14
Open-xchange Open-xchange Appsuite=7.6.3-rev15
Open-xchange Open-xchange Appsuite=7.6.3-rev16
Open-xchange Open-xchange Appsuite=7.6.3-rev17
Open-xchange Open-xchange Appsuite=7.6.3-rev18
Open-xchange Open-xchange Appsuite=7.6.3-rev20
Open-xchange Open-xchange Appsuite=7.6.3-rev22
Open-xchange Open-xchange Appsuite=7.6.3-rev23
Open-xchange Open-xchange Appsuite=7.6.3-rev24
Open-xchange Open-xchange Appsuite=7.6.3-rev25
Open-xchange Open-xchange Appsuite=7.6.3-rev26
Open-xchange Open-xchange Appsuite=7.6.3-rev28
Open-xchange Open-xchange Appsuite=7.6.3-rev29
Open-xchange Open-xchange Appsuite=7.6.3-rev30
Open-xchange Open-xchange Appsuite=7.6.3-rev31
Open-xchange Open-xchange Appsuite=7.6.3-rev32
Open-xchange Open-xchange Appsuite=7.6.3-rev33
Open-xchange Open-xchange Appsuite=7.6.3-rev35
Open-xchange Open-xchange Appsuite=7.8.0
Open-xchange Open-xchange Appsuite=7.8.2
Open-xchange Open-xchange Appsuite=7.8.3
Open-xchange Open-xchange Appsuite=7.8.3-rev10
Open-xchange Open-xchange Appsuite=7.8.3-rev11
Open-xchange Open-xchange Appsuite=7.8.3-rev12
Open-xchange Open-xchange Appsuite=7.8.3-rev13
Open-xchange Open-xchange Appsuite=7.8.3-rev14
Open-xchange Open-xchange Appsuite=7.8.3-rev15
Open-xchange Open-xchange Appsuite=7.8.3-rev16
Open-xchange Open-xchange Appsuite=7.8.3-rev17
Open-xchange Open-xchange Appsuite=7.8.3-rev18
Open-xchange Open-xchange Appsuite=7.8.3-rev19
Open-xchange Open-xchange Appsuite=7.8.3-rev20
Open-xchange Open-xchange Appsuite=7.8.3-rev21
Open-xchange Open-xchange Appsuite=7.8.3-rev22
Open-xchange Open-xchange Appsuite=7.8.3-rev23
Open-xchange Open-xchange Appsuite=7.8.3-rev24
Open-xchange Open-xchange Appsuite=7.8.3-rev25
Open-xchange Open-xchange Appsuite=7.8.3-rev26
Open-xchange Open-xchange Appsuite=7.8.3-rev27
Open-xchange Open-xchange Appsuite=7.8.3-rev28
Open-xchange Open-xchange Appsuite=7.8.3-rev29
Open-xchange Open-xchange Appsuite=7.8.3-rev30
Open-xchange Open-xchange Appsuite=7.8.3-rev31
Open-xchange Open-xchange Appsuite=7.8.3-rev32
Open-xchange Open-xchange Appsuite=7.8.3-rev33
Open-xchange Open-xchange Appsuite=7.8.3-rev34
Open-xchange Open-xchange Appsuite=7.8.3-rev35
Open-xchange Open-xchange Appsuite=7.8.3-rev36
Open-xchange Open-xchange Appsuite=7.8.3-rev38
Open-xchange Open-xchange Appsuite=7.8.3-rev39
Open-xchange Open-xchange Appsuite=7.8.3-rev40
Open-xchange Open-xchange Appsuite=7.8.3-rev41
Open-xchange Open-xchange Appsuite=7.8.3-rev42
Open-xchange Open-xchange Appsuite=7.8.3-rev43
Open-xchange Open-xchange Appsuite=7.8.3-rev5
Open-xchange Open-xchange Appsuite=7.8.3-rev6
Open-xchange Open-xchange Appsuite=7.8.3-rev8
Open-xchange Open-xchange Appsuite=7.8.3-rev9
Open-xchange Open-xchange Appsuite=7.8.4
Open-xchange Open-xchange Appsuite=7.8.4-rev10
Open-xchange Open-xchange Appsuite=7.8.4-rev11
Open-xchange Open-xchange Appsuite=7.8.4-rev13
Open-xchange Open-xchange Appsuite=7.8.4-rev14
Open-xchange Open-xchange Appsuite=7.8.4-rev15
Open-xchange Open-xchange Appsuite=7.8.4-rev16
Open-xchange Open-xchange Appsuite=7.8.4-rev17
Open-xchange Open-xchange Appsuite=7.8.4-rev18
Open-xchange Open-xchange Appsuite=7.8.4-rev19
Open-xchange Open-xchange Appsuite=7.8.4-rev20
Open-xchange Open-xchange Appsuite=7.8.4-rev21
Open-xchange Open-xchange Appsuite=7.8.4-rev3
Open-xchange Open-xchange Appsuite=7.8.4-rev4
Open-xchange Open-xchange Appsuite=7.8.4-rev5
Open-xchange Open-xchange Appsuite=7.8.4-rev6
Open-xchange Open-xchange Appsuite=7.8.4-rev7
Open-xchange Open-xchange Appsuite=7.8.4-rev8
Open-xchange Open-xchange Appsuite=7.8.4-rev9

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203