First published: Mon Dec 26 2022(Updated: )
OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Open-Xchange App Suite Backend | <7.10.5 | |
Open-Xchange App Suite Backend | =7.10.5 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_5961 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_5973 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_5976 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_5982 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_5989 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_5994 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6000 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6003 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6008 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6010 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6016 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6020 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6026 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6029 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6034 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6035 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6038 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6046 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6051 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6053 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6060 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6061 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6066 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6068 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6072 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6079 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6084 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6092 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6101 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6111 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6120 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6132 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6137 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6140 | |
Open-Xchange App Suite Backend | =7.10.5-patch_release_6149 | |
Open-Xchange App Suite Backend | =7.10.6 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6069 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6073 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6080 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6085 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6093 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6102 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6112 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6121 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6133 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6138 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6141 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6146 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6147 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6148 | |
Open-Xchange App Suite Backend | =7.10.6-patch_release_6150 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-37313 has a medium severity rating due to its potential for server-side request forgery (SSRF).
To fix CVE-2022-37313, upgrade to Open-Xchange App Suite version 7.10.7 or later, which includes the necessary patches.
CVE-2022-37313 affects Open-Xchange App Suite versions up to 7.10.6.
In the context of CVE-2022-37313, SSRF refers to a vulnerability that allows an attacker to make requests to internal resources from the vulnerable server.
Yes, CVE-2022-37313 can be exploited remotely without authentication, making it critical to address promptly.