漏洞标题
N/A
漏洞描述信息
在Open-Xchange OX App Suite 7.8.1-rev11之前发现了一个问题。配置外部邮件账户的API可能会被滥用,用于在运营商的信任边界内绘制和访问网络组件。用户可以将任意主机和端口注入到API调用中。根据响应类型、内容和延迟,可以收集有关主机和服务的存在的信息。攻击者可以获得运营商基础设施的内部配置信息,以准备后续的攻击。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Open-Xchange OX App Suite 跨站请求伪造漏洞
漏洞描述信息
Open-Xchange OX App Suite是美国Open-Xchange公司的一套Web云桌面环境。该环境允许用户更直观的管理电子邮件、任务和文件等。 Open-Xchange OX App Suite 7.8.1-rev11之前的版本中存在安全漏洞。攻击者可利用该漏洞获取敏感信息。
CVSS信息
N/A
漏洞类别
跨站请求伪造