CVE-2022-43699

CVSS V2 None CVSS V3 None
Description
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).
Overview
  • CVE ID
  • CVE-2022-43699
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-15T02:15:07
  • Last Modified Date
  • 2023-04-24T19:46:49
Weakness Enumerations
CWE URL
CWE-918 http://cwe.mitre.org/data/definitions/918.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:* 1 OR 7.10.6
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:* 1 OR
cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://open-xchange.com
https://seclists.org/fulldisclosure/2023/Feb/3
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-43699
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43699
History
Created Old Value New Value Data Type Notes
2023-04-17 04:46:17 Added to TrackCVE
2023-04-19 17:01:17 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-24 20:01:06 2023-04-24T19:46:49 CVE Modified Date updated
2023-04-24 20:01:06 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-24 20:01:07 Weakness Enumeration new
2023-04-24 20:01:10 CPE Information updated