CVE-2014-5237
Open-Xchange AppSuite < 7.4.2-rev10 and 7.6.x < 7.6.0-rev10 - Server-Side Request Forgery via Document Image Preview
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.
References (3)
Core References
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/533443/100/0/threaded
Third Party Advisory, VDB Entry (x_refsource_misc): http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html
Vendor Advisory (x_refsource_confirm): http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf
Scores
EPSS: 0.0042
EPSS Percentile: 61.9%
Details
Status: published
Products (2)
open-xchange/app_suite 7.4.2 rev6 (4 CPE variants)
open-xchange/app_suite 7.6.0 rev6 (4 CPE variants)
Published: Dec 01, 2014
Tracked Since: Feb 18, 2026