CVE-2022-43699 — Vulnetix

CVE-2022-43699 PUBLISHED CVSS 4.300000190734863 MEDIUM

OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address).

EPSS 0.15% · 35.6th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.15%

35.6th percentile

Affected Products

Vendor	Product	Versions
open-xchange	ox_app_suite	0, 7.10.6, 7.10.6
n/a	n/a	n/a

Exploit Intelligence

https://open-xchange.com (circl)
https://seclists.org/fulldisclosure/2023/Feb/3 (circl)

Timeline

Nov 1, 2022 CVE Published
Apr 15, 2023 EPSS Score
May 23, 2023 EPSS Score
Jun 29, 2023 EPSS Score
Aug 6, 2023 EPSS Score
Sep 12, 2023 EPSS Score
Oct 20, 2023 EPSS Score
Nov 27, 2023 EPSS Score
Jan 3, 2024 EPSS Score
Jan 22, 2024 CVE Updated
Feb 10, 2024 EPSS Score
Mar 19, 2024 EPSS Score

References

https://open-xchange.com url
https://seclists.org/fulldisclosure/2023/Feb/3 url
https://nvd.nist.gov/vuln/detail/CVE-2022-43699 advisory

Open in Interactive Console →