Open-Xchange issues fixes for RCE and SSRF bugs in OX App Suite


Two remote code execution (RCE) vulnerabilities that were found in the software’s document converter component were fixed in the most recent patch release. The CVSS ratings for CVE-2022-23100 and CVE-2022-24405 were 8.2 and 7.3, respectively.

Additionally, a server-side request forgery (SSRF) flaw was discovered in the document converter API (CVE-2022-24406) that might have allowed attackers to predict multipart form-data boundaries and replace the data's contents.