What is the severity of CVE-2022-43699?

The severity of CVE-2022-43699 is medium with a score of 4.3.

What software is affected by CVE-2022-43699?

OX App Suite versions up to and including 7.10.6-rev30 are affected by CVE-2022-43699.

SSRF stands for Server-Side Request Forgery, which is a vulnerability that allows an attacker to make requests to internal or external resources on behalf of the vulnerable server.

How can an adversary exploit CVE-2022-43699?

An adversary who controls the DNS records of an external domain can exploit CVE-2022-43699 by attacking the e-mail account discovery feature of OX App Suite.

Where can I get more information about CVE-2022-43699?

You can find more information about CVE-2022-43699 on the official Open-xchange website and the seclists.org mailing list.

Vulnerability/
CVE-2022-43699

medium

4.3

CWE

918

15/4/2023

3/8/2024

CVE-2022-43699: SSRF

First published: Sat Apr 15 2023(Updated: )

OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Open-xchange Ox App Suite	<7.10.6
Open-xchange Ox App Suite	=7.10.6
Open-xchange Ox App Suite	=7.10.6-rev01
Open-xchange Ox App Suite	=7.10.6-rev02
Open-xchange Ox App Suite	=7.10.6-rev03
Open-xchange Ox App Suite	=7.10.6-rev04
Open-xchange Ox App Suite	=7.10.6-rev05
Open-xchange Ox App Suite	=7.10.6-rev06
Open-xchange Ox App Suite	=7.10.6-rev07
Open-xchange Ox App Suite	=7.10.6-rev08
Open-xchange Ox App Suite	=7.10.6-rev09
Open-xchange Ox App Suite	=7.10.6-rev10
Open-xchange Ox App Suite	=7.10.6-rev11
Open-xchange Ox App Suite	=7.10.6-rev12
Open-xchange Ox App Suite	=7.10.6-rev13
Open-xchange Ox App Suite	=7.10.6-rev14
Open-xchange Ox App Suite	=7.10.6-rev15
Open-xchange Ox App Suite	=7.10.6-rev16
Open-xchange Ox App Suite	=7.10.6-rev17
Open-xchange Ox App Suite	=7.10.6-rev18
Open-xchange Ox App Suite	=7.10.6-rev19
Open-xchange Ox App Suite	=7.10.6-rev20
Open-xchange Ox App Suite	=7.10.6-rev21
Open-xchange Ox App Suite	=7.10.6-rev22
Open-xchange Ox App Suite	=7.10.6-rev23
Open-xchange Ox App Suite	=7.10.6-rev24
Open-xchange Ox App Suite	=7.10.6-rev25
Open-xchange Ox App Suite	=7.10.6-rev26
Open-xchange Ox App Suite	=7.10.6-rev27
Open-xchange Ox App Suite	=7.10.6-rev28
Open-xchange Ox App Suite	=7.10.6-rev29

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-43699?
The severity of CVE-2022-43699 is medium with a score of 4.3.
What software is affected by CVE-2022-43699?
OX App Suite versions up to and including 7.10.6-rev30 are affected by CVE-2022-43699.
What is SSRF?
SSRF stands for Server-Side Request Forgery, which is a vulnerability that allows an attacker to make requests to internal or external resources on behalf of the vulnerable server.
How can an adversary exploit CVE-2022-43699?
An adversary who controls the DNS records of an external domain can exploit CVE-2022-43699 by attacking the e-mail account discovery feature of OX App Suite.
Where can I get more information about CVE-2022-43699?
You can find more information about CVE-2022-43699 on the official Open-xchange website and the seclists.org mailing list.

collector/nvd-index
agent/softwarecombine
agent/type
agent/references
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/last-modified-date
agent/weakness
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/open-xchange
canonical/open-xchange ox app suite
version/open-xchange ox app suite/7.10.6
version/open-xchange ox app suite/7.10.6-rev01
version/open-xchange ox app suite/7.10.6-rev02
version/open-xchange ox app suite/7.10.6-rev03
version/open-xchange ox app suite/7.10.6-rev04
version/open-xchange ox app suite/7.10.6-rev05
version/open-xchange ox app suite/7.10.6-rev06
version/open-xchange ox app suite/7.10.6-rev07
version/open-xchange ox app suite/7.10.6-rev08
version/open-xchange ox app suite/7.10.6-rev09
version/open-xchange ox app suite/7.10.6-rev10
version/open-xchange ox app suite/7.10.6-rev11
version/open-xchange ox app suite/7.10.6-rev12
version/open-xchange ox app suite/7.10.6-rev13
version/open-xchange ox app suite/7.10.6-rev14
version/open-xchange ox app suite/7.10.6-rev15
version/open-xchange ox app suite/7.10.6-rev16
version/open-xchange ox app suite/7.10.6-rev17
version/open-xchange ox app suite/7.10.6-rev18
version/open-xchange ox app suite/7.10.6-rev19
version/open-xchange ox app suite/7.10.6-rev20
version/open-xchange ox app suite/7.10.6-rev21
version/open-xchange ox app suite/7.10.6-rev22
version/open-xchange ox app suite/7.10.6-rev23
version/open-xchange ox app suite/7.10.6-rev24
version/open-xchange ox app suite/7.10.6-rev25
version/open-xchange ox app suite/7.10.6-rev26
version/open-xchange ox app suite/7.10.6-rev27
version/open-xchange ox app suite/7.10.6-rev28
version/open-xchange ox app suite/7.10.6-rev29

CVE-2022-43699: SSRF

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-43699?

What software is affected by CVE-2022-43699?

What is SSRF?

How can an adversary exploit CVE-2022-43699?

Where can I get more information about CVE-2022-43699?

Company

Resources

Contact