What is the severity of CVE-2021-28093?

CVE-2021-28093 is classified as a medium severity vulnerability that affects access control of converted images.

How do I fix CVE-2021-28093?

To remediate CVE-2021-28093, update Open-Xchange Documents to version 7.10.5-rev6 or later.

What versions are affected by CVE-2021-28093?

CVE-2021-28093 affects Open-Xchange Documents versions prior to 7.10.5-rev5.

What type of vulnerability is CVE-2021-28093?

CVE-2021-28093 is an improper access control vulnerability due to hash collisions.

Can CVE-2021-28093 lead to data exposure?

Yes, CVE-2021-28093 can potentially allow unauthorized users to access converted images.

Vulnerability/
CVE-2021-28093

medium

6.5

CWE

326

27/7/2021

3/8/2024

CVE-2021-28093: Weak Encryption

First published: Tue Jul 27 2021(Updated: )

OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collisions can occur, due to use of Adler32.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Open-xchange Documents	<7.10.5
Open-xchange Documents	=7.10.5
Open-xchange Documents	=7.10.5-revision1
Open-xchange Documents	=7.10.5-revision2
Open-xchange Documents	=7.10.5-revision3
Open-xchange Documents	=7.10.5-revision4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-28093?
CVE-2021-28093 is classified as a medium severity vulnerability that affects access control of converted images.
How do I fix CVE-2021-28093?
To remediate CVE-2021-28093, update Open-Xchange Documents to version 7.10.5-rev6 or later.
What versions are affected by CVE-2021-28093?
CVE-2021-28093 affects Open-Xchange Documents versions prior to 7.10.5-rev5.
What type of vulnerability is CVE-2021-28093?
CVE-2021-28093 is an improper access control vulnerability due to hash collisions.
Can CVE-2021-28093 lead to data exposure?
Yes, CVE-2021-28093 can potentially allow unauthorized users to access converted images.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/references
agent/severity
agent/author
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/open-xchange
canonical/open-xchange documents
version/open-xchange documents/7.10.5
version/open-xchange documents/7.10.5-revision1
version/open-xchange documents/7.10.5-revision2
version/open-xchange documents/7.10.5-revision3
version/open-xchange documents/7.10.5-revision4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.