CVE-2022-43699 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-43699 PUBLISHED CVSS 4.300000190734863 MEDIUM

OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).

EPSS 0.09% · 24.9th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.09%

24.9th percentile

Affected Products

Vendor	Product	Versions
open-xchange	ox_app_suite	7.10.6, 0, 7.10.6
n/a	n/a	n/a

Timeline

Nov 1, 2022 CVE Published
Apr 15, 2023 EPSS Score
May 22, 2023 EPSS Score
Jun 28, 2023 EPSS Score
Aug 4, 2023 EPSS Score
Sep 10, 2023 EPSS Score
Oct 17, 2023 EPSS Score
Nov 23, 2023 EPSS Score
Dec 30, 2023 EPSS Score
Jan 22, 2024 CVE Updated
Feb 5, 2024 EPSS Score
Mar 13, 2024 EPSS Score

References

Open in Interactive Console →