Skip to main content

Ox App Suite CVE-2021-38376

MEDIUM
Improper Authentication (CWE-287)
2021-11-22 cve@mitre.org
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 22, 2021 - 09:15 nvd
MEDIUM 5.3

DescriptionNVD

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.

AnalysisAI

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. Affected products include: Open-Xchange Ox App Suite. Version information: through 7.10.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2022-24405 CRITICAL POC
9.8 Jul 27

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. Rated

CVE-2022-23100 CRITICAL POC
9.8 Jul 27

OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). Rated

CVE-2022-24406 MEDIUM POC
6.5 Jul 27

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to inj

CVE-2021-33491 MEDIUM POC
6.5 Nov 22

OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandlin

CVE-2022-23101 MEDIUM POC
6.1 Jul 27

OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. Rated medium severity (CVSS 6

CVE-2021-38377 MEDIUM POC
6.1 Nov 22

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because th

CVE-2021-38375 MEDIUM POC
6.1 Nov 22

OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. Rated medi

CVE-2021-33495 MEDIUM POC
6.1 Nov 22

OX App Suite 7.10.5 allows XSS via an OX Chat system message. Rated medium severity (CVSS 6.1), this vulnerability is re

CVE-2021-33494 MEDIUM POC
6.1 Nov 22

OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. Rated medium severity (CVSS 6.1), this

CVE-2021-33492 MEDIUM POC
6.1 Nov 22

OX App Suite 7.10.5 allows XSS via an OX Chat room name. Rated medium severity (CVSS 6.1), this vulnerability is remotel

CVE-2021-33490 MEDIUM POC
6.1 Nov 22

OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. Rated medium severity (CVSS 6.1

CVE-2021-33489 MEDIUM POC
6.1 Nov 22

OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. Rated medium severity (CVSS 6.1), this

Share

CVE-2021-38376 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy