CVE-2020-12645

CRITICAL

OX App Suite 7.10.1-7.10.3 - Info Disclosure

Title source: llm

Description

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.

References (2)

[Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2020/Aug/14

[Vendor Advisory] https://www.open-xchange.com/

Scores

CVSS v3 9.8

EPSS 0.0034

EPSS Percentile 56.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-307

Status published

Affected Products (1)

open-xchange/open-xchange_appsuite < 7.10.3

Timeline

Published Aug 31, 2020

Tracked Since Feb 18, 2026