CVE-2023-29047
5.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OX Software GmbH | OX App Suite | 0 <= 7.10.6-rev5 | affected |
| OX Software GmbH | OX App Suite | 0 <= 8.12 | affected |
Weaknesses
- CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.