CWE
918
Advisory Published
Updated

CVE-2022-37313: SSRF

First published: Mon Dec 26 2022(Updated: )

OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Open-xchange Open-xchange Appsuite<7.10.5
Open-xchange Open-xchange Appsuite=7.10.5
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_5961
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_5973
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_5976
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_5982
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_5989
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_5994
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6000
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6003
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6008
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6010
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6016
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6020
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6026
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6029
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6034
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6035
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6038
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6046
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6051
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6053
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6060
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6061
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6066
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6068
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6072
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6079
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6084
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6092
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6101
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6111
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6120
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6132
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6137
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6140
Open-xchange Open-xchange Appsuite=7.10.5-patch_release_6149
Open-xchange Open-xchange Appsuite=7.10.6
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6069
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6073
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6080
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6085
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6093
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6102
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6112
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6121
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6133
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6138
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6141
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6146
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6147
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6148
Open-xchange Open-xchange Appsuite=7.10.6-patch_release_6150

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203