CVE-2020-12645: Input Validation
First published: Mon Aug 31 2020(Updated: )
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open-xchange Open-xchange Appsuite | >=7.10.1<=7.10.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-12645?
The severity of CVE-2020-12645 is classified as critical with a CVSS score of 9.8.
Which version of OX App Suite is affected by CVE-2020-12645?
OX App Suite versions 7.10.1 to 7.10.3 are affected by CVE-2020-12645.
What are the impacts of CVE-2020-12645?
CVE-2020-12645 can lead to improper input validation for rate limits, spoofed vacation notices, and excessive memory consumption in /apps/load.
How can I mitigate CVE-2020-12645?
To mitigate CVE-2020-12645, it is recommended to update OX App Suite to a version beyond 7.10.3.
Where can I find more information about CVE-2020-12645?
More information about CVE-2020-12645 can be found at the following references: [1] [2].
- collector/nvd-index
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- vendor/open-xchange
- canonical/open-xchange open-xchange appsuite
- version/open-xchange open-xchange appsuite/7.10.1
- version/open-xchange open-xchange appsuite/7.10.3