medium
5.3
CWE
918
Advisory Published
Updated

CVE-2022-37313: SSRF

First published: Mon Dec 26 2022(Updated: )

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Open-Xchange App Suite Backend<7.10.5
Open-Xchange App Suite Backend=7.10.5
Open-Xchange App Suite Backend=7.10.5-patch_release_5961
Open-Xchange App Suite Backend=7.10.5-patch_release_5973
Open-Xchange App Suite Backend=7.10.5-patch_release_5976
Open-Xchange App Suite Backend=7.10.5-patch_release_5982
Open-Xchange App Suite Backend=7.10.5-patch_release_5989
Open-Xchange App Suite Backend=7.10.5-patch_release_5994
Open-Xchange App Suite Backend=7.10.5-patch_release_6000
Open-Xchange App Suite Backend=7.10.5-patch_release_6003
Open-Xchange App Suite Backend=7.10.5-patch_release_6008
Open-Xchange App Suite Backend=7.10.5-patch_release_6010
Open-Xchange App Suite Backend=7.10.5-patch_release_6016
Open-Xchange App Suite Backend=7.10.5-patch_release_6020
Open-Xchange App Suite Backend=7.10.5-patch_release_6026
Open-Xchange App Suite Backend=7.10.5-patch_release_6029
Open-Xchange App Suite Backend=7.10.5-patch_release_6034
Open-Xchange App Suite Backend=7.10.5-patch_release_6035
Open-Xchange App Suite Backend=7.10.5-patch_release_6038
Open-Xchange App Suite Backend=7.10.5-patch_release_6046
Open-Xchange App Suite Backend=7.10.5-patch_release_6051
Open-Xchange App Suite Backend=7.10.5-patch_release_6053
Open-Xchange App Suite Backend=7.10.5-patch_release_6060
Open-Xchange App Suite Backend=7.10.5-patch_release_6061
Open-Xchange App Suite Backend=7.10.5-patch_release_6066
Open-Xchange App Suite Backend=7.10.5-patch_release_6068
Open-Xchange App Suite Backend=7.10.5-patch_release_6072
Open-Xchange App Suite Backend=7.10.5-patch_release_6079
Open-Xchange App Suite Backend=7.10.5-patch_release_6084
Open-Xchange App Suite Backend=7.10.5-patch_release_6092
Open-Xchange App Suite Backend=7.10.5-patch_release_6101
Open-Xchange App Suite Backend=7.10.5-patch_release_6111
Open-Xchange App Suite Backend=7.10.5-patch_release_6120
Open-Xchange App Suite Backend=7.10.5-patch_release_6132
Open-Xchange App Suite Backend=7.10.5-patch_release_6137
Open-Xchange App Suite Backend=7.10.5-patch_release_6140
Open-Xchange App Suite Backend=7.10.5-patch_release_6149
Open-Xchange App Suite Backend=7.10.6
Open-Xchange App Suite Backend=7.10.6-patch_release_6069
Open-Xchange App Suite Backend=7.10.6-patch_release_6073
Open-Xchange App Suite Backend=7.10.6-patch_release_6080
Open-Xchange App Suite Backend=7.10.6-patch_release_6085
Open-Xchange App Suite Backend=7.10.6-patch_release_6093
Open-Xchange App Suite Backend=7.10.6-patch_release_6102
Open-Xchange App Suite Backend=7.10.6-patch_release_6112
Open-Xchange App Suite Backend=7.10.6-patch_release_6121
Open-Xchange App Suite Backend=7.10.6-patch_release_6133
Open-Xchange App Suite Backend=7.10.6-patch_release_6138
Open-Xchange App Suite Backend=7.10.6-patch_release_6141
Open-Xchange App Suite Backend=7.10.6-patch_release_6146
Open-Xchange App Suite Backend=7.10.6-patch_release_6147
Open-Xchange App Suite Backend=7.10.6-patch_release_6148
Open-Xchange App Suite Backend=7.10.6-patch_release_6150

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-37313?

    CVE-2022-37313 has a medium severity rating due to its potential for server-side request forgery (SSRF).

  • How do I fix CVE-2022-37313?

    To fix CVE-2022-37313, upgrade to Open-Xchange App Suite version 7.10.7 or later, which includes the necessary patches.

  • What software is affected by CVE-2022-37313?

    CVE-2022-37313 affects Open-Xchange App Suite versions up to 7.10.6.

  • What is SSRF in the context of CVE-2022-37313?

    In the context of CVE-2022-37313, SSRF refers to a vulnerability that allows an attacker to make requests to internal resources from the vulnerable server.

  • Can CVE-2022-37313 be exploited remotely?

    Yes, CVE-2022-37313 can be exploited remotely without authentication, making it critical to address promptly.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203