Vulnerability CVE-2023-26439


Published: 2023-08-02

Description:
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
OX App Suite SSRF / SQL Injection / Cross Site Scripting
Mehmet Ince
03.08.2023

 References:
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0003.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf

Copyright 2024, cxsecurity.com

 

Back to Top